Resubmissions
18-11-2022 14:52
221118-r85mhshf55 108-11-2022 14:30
221108-rvcpkscaa3 807-11-2022 15:52
221107-tbh4csefh4 807-11-2022 10:35
221107-mm5m6secgn 106-11-2022 13:08
221106-qdjk5aehgj 905-11-2022 20:23
221105-y589vsbhcj 805-11-2022 16:11
221105-tm8s6aaggj 1005-11-2022 07:34
221105-jd7jmaggal 804-11-2022 20:40
221104-zgabascfgq 8Analysis
-
max time kernel
560s -
max time network
2677s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
04-11-2022 20:01
General
-
Target
https://github.com
Score
10/10
Malware Config
Extracted
Family
darkcomet
Botnet
Guest16
C2
gameservice.ddns.net:4320
Mutex
DC_MUTEX-WBUNVXD
Attributes
-
InstallPath
AudioDriver\taskhost.exe
-
gencode
EWSsWwgyJrUD
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
AudioDriver
Signatures
-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Executes dropped EXE 12 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 2 IoCs
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: MapViewOfSection 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 50 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd79014f50,0x7ffd79014f60,0x7ffd79014f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1668 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1988 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4292 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4424 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4700 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5144 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5100 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5192 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5184 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5592 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4420 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=908 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2324 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4608 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1604,14660418424399108183,2158737426390409522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x2f41⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3032_1531015159\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3032_1531015159\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={30ac608f-b063-4ee9-a7b3-a35d8831e020} --system2⤵
- Executes dropped EXE
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\WinlockerBuilderv5.exe"C:\Users\Admin\Desktop\WinlockerBuilderv5.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svshost.exe"C:\Users\Admin\AppData\Local\Temp\svshost.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\WinlockerBuilderv5.exe"C:\Users\Admin\AppData\Local\Temp\WinlockerBuilderv5.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"4⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Documents\AudioDriver\taskhost.exe"C:\Users\Admin\Documents\AudioDriver\taskhost.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\Documents\AudioDriver\taskhost.exe"C:\Users\Admin\Documents\AudioDriver\taskhost.exe"6⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Microsoft\MyClient\jusched.exe"C:\Users\Admin\AppData\Local\Temp\Microsoft\MyClient\jusched.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\svshost.exe"C:\Users\Admin\AppData\Local\Temp\svshost.exe"3⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\WinlockerBuilderv5.exe"C:\Users\Admin\AppData\Local\Temp\WinlockerBuilderv5.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"C:\Users\Admin\AppData\Local\Temp\upx_compresser.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xf8,0x128,0x7ffd79014f50,0x7ffd79014f60,0x7ffd79014f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1676 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2028 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4552 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4804 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3920 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3424 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3852 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5184 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3540 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3540 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.289.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\104.289.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=HzZLV1WIyqtHIfugNXQ1HQWXYRXyzqBSAmPRiaN3 --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off2⤵
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.289.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.289.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=104.289.200 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ff7ef3b2d20,0x7ff7ef3b2d30,0x7ff7ef3b2d403⤵
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.289.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.289.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3424_KVKOQIQTPOJGNWYT" --sandboxed-process-id=2 --init-done-notifier=804 --sandbox-mojo-pipe-token=16874830622180331594 --mojo-platform-channel-handle=780 --engine=23⤵
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.289.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\104.289.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_3424_KVKOQIQTPOJGNWYT" --sandboxed-process-id=3 --init-done-notifier=1028 --sandbox-mojo-pipe-token=2641629539227878389 --mojo-platform-channel-handle=10203⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3796 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4028 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5520 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5908 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5868 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3264 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,507319576754547662,2209318455361477266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4788 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 428 -p 4116 -ip 41161⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4116 -s 29081⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 472 -p 1728 -ip 17281⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1728 -s 29281⤵
- Program crash
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd79014f50,0x7ffd79014f60,0x7ffd79014f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2796 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4744 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4732 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5604 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Users\Admin\Downloads\PartyPokerSetup.exe"C:\Users\Admin\Downloads\PartyPokerSetup.exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\PartyPokerSetup.exe_Installer\SmartInstaller.exe"C:\Users\Admin\AppData\Local\Temp\PartyPokerSetup.exe_Installer\SmartInstaller.exe"3⤵
-
C:\Users\Admin\AppData\Local\Temp\SIInvoker.exe"C:\Users\Admin\AppData\Local\Temp\SIInvoker.exe" NavigateURL=http://www1.partypoker.com/pam_images/installer/ni_si.htm?pid=PartyPoker&lid=en_US&sid=4&uid=&AbortStatus=0&OS=Microsoft Professional(build 9200), 64-bit&tduid=&wmid=4442638&AdminUser=14⤵
-
C:\Users\Admin\AppData\Local\Temp\SIInvoker.exe"C:\Users\Admin\AppData\Local\Temp\SIInvoker.exe" NavigateURL=http://www1.partypoker.com/pam_images/installer/ni_si.htm?pid=PartyPoker&lid=en_US&sid=7&uid=&AbortStatus=0&OS=Microsoft Professional(build 9200), 64-bit&tduid=&wmid=4442638&AdminUser=14⤵
-
C:\Programs\PartyGaming\PartyGaming.exe"C:\Programs\PartyGaming\PartyGaming.exe" -P=PartyPoker4⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=gpu-process --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --log-severity=error --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file=cef_debug.log --mojo-platform-channel-handle=2656 /prefetch:25⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=error --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file=cef_debug.log --mojo-platform-channel-handle=2864 /prefetch:85⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=error --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file=cef_debug.log --mojo-platform-channel-handle=2888 /prefetch:85⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3108 /prefetch:15⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3116 /prefetch:15⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3728 /prefetch:15⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=3864 /prefetch:15⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=3220 /prefetch:15⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4760 /prefetch:15⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=4820 /prefetch:15⤵
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4648 /prefetch:15⤵
- Adds Run key to start application
-
C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe"C:\Programs\PartyGaming\EBEngine\GGC5\pgwebrenderer.exe" --type=renderer --log-severity=error --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --log-file=cef_debug.log --js-flags=--gc_global --field-trial-handle=2552,15892340526356972758,18321773770913752192,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4900 /prefetch:15⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SelfDestruct.bat" "C:\Users\Admin\AppData\Local\Temp\PartyPokerSetup.exe_Installer\""4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c Tasklist /NH /FI "IMAGENAME EQ SmartInstaller.exe"5⤵
-
C:\Windows\SysWOW64\tasklist.exeTasklist /NH /FI "IMAGENAME EQ SmartInstaller.exe"6⤵
- Enumerates processes with tasklist
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7100 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4768 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4932 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4808 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3488 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5036 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3316 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3100 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1580 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6284 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1600,17251446340923018770,14425643882676426028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3032_1531015159\ChromeRecovery.exeFilesize
253KB
MD549ac3c96d270702a27b4895e4ce1f42a
SHA155b90405f1e1b72143c64113e8bc65608dd3fd76
SHA25682aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
SHA512b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3Filesize
141KB
MD5ea1c1ffd3ea54d1fb117bfdbb3569c60
SHA110958b0f690ae8f5240e1528b1ccffff28a33272
SHA2567c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d
SHA5126c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\CachesMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Temp\svshost.exeFilesize
4.0MB
MD52df0daacf8be5126ddbaa7ba9a83be58
SHA10889fcd78f5bf71ca04280fe97b7507b6b114ba3
SHA2560936e508e142466b6d83e49b27513be2207822f91ac2d038023a86d6ccd29b2a
SHA5120348f7511803198d5d81b10bac08b9e9e79bfd1d193c9a72b1bf3883bd49d18ec21a998e4a056206fac539c73843b31c10437838eb38746bd062e682f2df120e
-
C:\Users\Admin\AppData\Local\Temp\svshost.exeFilesize
4.0MB
MD52df0daacf8be5126ddbaa7ba9a83be58
SHA10889fcd78f5bf71ca04280fe97b7507b6b114ba3
SHA2560936e508e142466b6d83e49b27513be2207822f91ac2d038023a86d6ccd29b2a
SHA5120348f7511803198d5d81b10bac08b9e9e79bfd1d193c9a72b1bf3883bd49d18ec21a998e4a056206fac539c73843b31c10437838eb38746bd062e682f2df120e
-
C:\Users\Admin\Desktop\ApproveComplete.potFilesize
1.1MB
MD525d593edf9f70aea3703f29976a00466
SHA14005c68e65cd27897296d7763d13ac896e1e193f
SHA256ca265550fbc22585a0f6b399974c9b6f7f10bd2be44ab797539cbd2b7e5a0776
SHA5129da2aab8d5d899a2e37b236768788c2ce92e5f24264b62dfeca6ca7c6455884fc1b5409f3fe6a1e491ea8600771f2d7f5db0d3c2bcd0147e1bb9ee5c2858361b
-
C:\Users\Admin\Desktop\BackupConvertTo.3gpFilesize
482KB
MD518e25b187771d83307c13e9d0e9d8249
SHA1121f5e99a000db6aadce70f8db7d7f115ad8720b
SHA256e73625227d802ec3aa04cb5f7f2756b373fb2c55e862d586e83baf24088be975
SHA512acef8306882453c286694b6d0ca080dc5e54004f2ac6ee45fdc9dc3291905bcea4e62427925f38a5fcadaac09a459e63621bf135290a7a86e658529f1f6d7229
-
C:\Users\Admin\Desktop\BackupPop.vsdxFilesize
562KB
MD5226e59853eb1271588a86b204b9c1347
SHA19b9c0810b7d96053124104dbb3d569afeb49a3ac
SHA25617a00440f5e6b8a21227ac3a75e5148cf69fb680fcb193327572f98010c3ed1b
SHA512b228053ee08e20ad233dcc05afb99c6aad81b45b064efa8bf1c0cb6b153408cc559cc1c3656884dda5d5044c3848463a01b5832e0e1b0bb1afe5e5d807ad9cd3
-
C:\Users\Admin\Desktop\ConvertFromEnable.mpgFilesize
803KB
MD5c29cc7ecc899625d7e28dad5e45e7b05
SHA1014cea25aec18988b8f912f6dc6c2f6fd2a06e64
SHA256530563b092d86ddbb585065454396e296892c2ee9b51e97a4ccee41bb7d870f0
SHA51245a8105159a9d1b986281855d5cd6888d384af823a007115e43445a462d7278c32465b4cbf2bd30799cf2a95c2ede1401ea6cfbd550e54a93852496d5eee982f
-
C:\Users\Admin\Desktop\ConvertGrant.pptxFilesize
763KB
MD5bf18e5cc302f62d6976986f844978e3b
SHA10d5c76c6b97b4242250f51fde4ee969c00d95514
SHA2564294a4f640eecdc49bb1a3b2977013dafffa076ce5c72fe628140a52856879ae
SHA5124e7313fcd33ef19301e2a2b52940ee35510596743f02710297f8c8524c8cc8aa61f0f547ecb2f7f357beed11139ce0ce2ad2196ac46f4b6891ca88fb8a886898
-
C:\Users\Admin\Desktop\DenyRegister.dwgFilesize
683KB
MD5c1e707841e0c7d403800bb5b08aa65e5
SHA19b5aa2c3f849f69a9d1b067e86a7f4706f088b8c
SHA25651c04dbb44bf7190605e45d869950e77883c6d14d256b404ab547b7fc253dcac
SHA51243858b1c3be0f509fcec6333eb15af988a79160a54d58b6a7a56f23fe38affebd5ab58e64af0eba1641498ece2afb9e18c10b47f4ca7897a28cc5664eb2dead1
-
C:\Users\Admin\Desktop\DenySubmit.mpegFilesize
602KB
MD53e0cb04137cbe9fc768c1668239f1781
SHA1ac23ddfebac0d0c5cc3387f56d77d88319ff35bf
SHA2562834f988a49a1b6aed1b8beac2a56ebbe9506c7f46e206aeebca8a5f5ba23b48
SHA512f4468fd2756c04ca6c0d16c0e93e1c5262c035f498b8cd297e4df3324b6a281d8bcc274d865890b334e14587f439500924cd25db507bbb3562937bf340fc7c0a
-
C:\Users\Admin\Desktop\EnterSwitch.vbsFilesize
1.7MB
MD5ed769b50cc66a2fd402946597074525a
SHA1388ca1bcd4a952e9d2a51927bd4174c315425092
SHA256ec793e42835f80f7f3c67f8dd796bcd8328437493badb5e90e087e3cca123527
SHA51254371cd555ffc035cd6937d43435d2a575b41db7320801f6573b3017f77ba436a7b09512cf0f8e73d912c60b0313c6abe9c43db41a4305668663cd334cf373dd
-
C:\Users\Admin\Desktop\FindStop.DVRFilesize
522KB
MD54b71178572f9909e802ae2227f1eccb2
SHA197f33954d0d5af366856398e49607661c8fb34d0
SHA2561d1c219653e575f31a5d37a9a2790283b829ee96675432aa0f46dfd4e1dbd4e4
SHA5128e344211330434fd187f868de8ff4686e55fdf7ff70dddcb4b323ab82eaae86e62da2d709dc74ac0815997ac70eca2fecc0910d13e31469e5a3c649adea6f156
-
C:\Users\Admin\Desktop\FindSubmit.ttfFilesize
1004KB
MD53efe6aa7182988a1a3ef6324cf63e3ff
SHA125ed262230b7646301533e3d6792c171ee6b8f6a
SHA2567734bd8c8fdc783ea10ca5fd52ddc2c45158b0d2b0b6fd31911f46fe19e95258
SHA512536f600fffb0fe39bacb0cec38c2b19312c84cbbb91f44c510fb98974333fb897be5b53b29e8ada0128cf5194039ab0fc5f8cb39e7c9bfa536c6617b0a5aed78
-
C:\Users\Admin\Desktop\ImportInitialize.mhtFilesize
442KB
MD55f27bf1e159c1e2b77f86cfc694d90d7
SHA1641b6fe7cb0de2ba659f413328c0aaed8c04a3dc
SHA256e9f38a7695e7e63e2d82920e30fc29148672ef3105c8c762d5f365a2d1de20dc
SHA51214b55b17f4b666a412204fa4ec33067e9e692e6d6034a4ff95b0f3ec9013eedc95a0e5e149a7631efdb9258ad5fd87b9743fcb1ada775ad023e24ff120e98f7c
-
C:\Users\Admin\Desktop\InvokeDismount.rawFilesize
924KB
MD54a25e322b4980011efbeb45afa8d05f3
SHA14743d44bcfe49f6c67858e5a4f4d169000d88d03
SHA256e6da35b17e9360012f73b4253fb1a9ff7f38a08d80d43baeffdc60f56d7bb49a
SHA5128682260bf2a4bdc3cbd741a89cfd78d2b02f75445ff8d5da3685d6d04cf93d1f15ad89982be172da1a7f1754712d6324d50d8aaceb30124545370e64f7cee2d2
-
C:\Users\Admin\Desktop\OpenDebug.wmfFilesize
844KB
MD567cf39008185ae38b68c88d8ef9c7a69
SHA154dde63320b94d0d13bdd32323724c83c7220499
SHA256e6e1a49a6d7193ec74167e1b1214f26def7b96837efc904b1d4e3b8f94362918
SHA51258292998296fe38880b75addfbe7cb87eff8d82ee4ede8de8a51cb46f51132b4e685fe75ddf705437c35dbc98f0561733a4b97ba2c8dfc86971935d309306662
-
C:\Users\Admin\Desktop\OutUnpublish.rarFilesize
1.1MB
MD5a6af5aeb3aca9dbb4b303ee197b8022b
SHA15cf66ffaf29942b1e9de6c578745f582418949f4
SHA25634ae4fe13c0624f4e8f8246475c875672d86ad226567f3ea127930ab1cd32385
SHA51223b3236ad662bd1aa357260b1cd877c721da18d1bed907b60b3e82cfd4c104182c1b1ac7dcf13bc1b9d99a5110fcc6b1b54ddf8cf62f24645104c9cad39f5b93
-
C:\Users\Admin\Desktop\ProtectStart.m3uFilesize
884KB
MD5b72bc3a5b26bbe0341d3b56f661597c0
SHA18398be714d98ec2efd6087403d209ec25546d6f6
SHA2569629c4fd63896a93cf9d72f05926b843dee9d400909e4850dbb1f409ac241502
SHA512126d731323cd64d3bfc0d1ecb919a2e591216624d1056c279297b4abeaae34ee925951ec191503a88a4abf7a248abad6de5f3cee89c9444144d5233e33c94936
-
C:\Users\Admin\Desktop\RepairRead.batFilesize
964KB
MD5ae1e1aae447378646e6776e427ff6e96
SHA1b002ea4187411c9ee34ca4a162e1c087eac37889
SHA2569964efa16bfa6c155d01b33f54e8ed80fcb2caeffada01b9a8bb48e190230136
SHA512677dbf9907267d8880cab3f95c43d57e8c940a0e123fcb946fe0f947f31e84e492087bbde2e67e33b16a88575125b536cdb7d6d6194ff1f92c7071bbcb79985a
-
C:\Users\Admin\Desktop\SaveSearch.csvFilesize
643KB
MD55a653bd8e879235d678493489a402904
SHA1fb13be5ad3eca93b31d6c95bce4fcca481028ffc
SHA256406854563e1277d28243cd06c771d6e447b2ece083e2321371eeaa175cd50310
SHA512c370369a5b7381c48985ea2e335f098dbd6a9cb85b98fe8cf6597d4a5cc0c3719fc2cb1006b9433b25d549458878cde23a0ac31607be6c075cb2f4dbc10103d8
-
C:\Users\Admin\Desktop\SendResize.xlsxFilesize
1.2MB
MD5ec500fa334b799fc3b3c9b82692f74e7
SHA14649297863309c495949e395e796bf84208a3866
SHA25644b7ab59747a617f1642f098d49e023fe11ef384b685f6a2654e55f2cf540705
SHA512bf933b6eea12ebf562d95030e7cba5a116336ae1909f411c1ee4a6745d880160acc567c2ab17ec8df5aa727b0b70b0e29f5cbf5b0de602eed8a1997720c24a8a
-
C:\Users\Admin\Desktop\TraceUninstall.rawFilesize
723KB
MD54905a9ff662dbb325af431f96b289a68
SHA15242428611363f6419eb259d4b2506331844fab8
SHA256963093d0a834134dc5f3cb20687f2415fd42e9b5f36b5a65237f0ebb8986bae0
SHA512dab79c8fc557d53fc6cae4189c52ad8299881917c88f725229ab317c6ccb5eb36ce7727ac4e4d0534037071d53947abf9b93e22ffcc74f3de97b90cde76bec44
-
C:\Users\Admin\Desktop\UnblockSkip.mpv2Filesize
1.2MB
MD50ac2cfa1a64df8fc384b6f161976ebea
SHA12d8aaf48fd25f77b5e477c2c2193a0939c60ebc6
SHA25660dce51c485d1a37d4d433a772cca057ee25b609b8c5762a3c23bf503cba0d55
SHA5126bbe49151016658d6d9dca4a1a6c4c8e5111737d3ea5045be7239b3cf4fb5e16aa09a315fe032f6d0d032f34143b8d7bf21dc716bac2dd1c64ecf04bb41832d8
-
C:\Users\Admin\Desktop\UnregisterBlock.wmFilesize
1.0MB
MD56baa7bb81c468ed4d6625b3156ff56e6
SHA1a755756fe869db9e932f59aa0257e8aa7cacb337
SHA25608b0398ed10ccca08e4721a41b1f4cc620226a56b0882082c45ec3f034f816c0
SHA512ee5e1a26baf3d5de40286246a3820dfeba54118da89bb8b99b4285649a5ef704f2f8c449002248d2f42f176f0748745d678e6c2d1a19dbec5f68638f779d80e5
-
C:\Users\Admin\Desktop\UpdateDebug.clrFilesize
1.1MB
MD5257e924fd29aa6c6d32aa25eb6e9c55a
SHA12a4a7772584fdd6f190d6c208da0edc8f636b7af
SHA256d78969bad39aeb757a90e027bcfde2e6db310ea66f5ea264195f22321a40a850
SHA512066fd44a90bd18368c4d91afd9d8cad196780e430b196f0115b74f27a4a246fb80db6799cb17e600e6b2d61e58725b740e7ae66261b2699cdcf10f7417fccdeb
-
C:\Users\Public\Desktop\Acrobat Reader DC.lnkFilesize
2KB
MD522b9770809478f4b7938f463e6697e24
SHA10f444dfd78b31d831c0b9a59ebc30c04db1a324e
SHA256cd9249f2aa782d026346ed4bcd7bfa7b8e8a21b3aa596a24fcb5924664545ae5
SHA512143b10440147bbb3bb2bab7fbf81e146810d1bfac8fb9af7e1a52707e61d06ab4e92129db67e8cd0e79785a9fb92ac8193e0811359b2f712f1dfe36c3915e65f
-
C:\Users\Public\Desktop\Firefox.lnkFilesize
1000B
MD5debd38c15bbee4ae9c96eddc03924287
SHA1f61b97b8829897bcd9af7fbcd13882b82eae8e2d
SHA256917a5ab064fa271ab2e1ee3f4fd1ee5774a7d075769a422346f96923b243e905
SHA51200ca595b2440e30f149eec984f724096671eefe8ead3d7679fbd70bf69a5b205c2e913e3d13679a47c8d3932afd0ebb63051999296aadc8309150ffa1d55e5e2
-
C:\Users\Public\Desktop\Google Chrome.lnkFilesize
2KB
MD53d33dc109439aaee99755699a39d7af2
SHA15c6d5f13110d9b17e37c9fdf43e72c3772c7dca8
SHA256807fd0a98d5c652c6479babf5ba94573645e343a3db23eb9bbaa19d38f71fd80
SHA51279741bdb34a18ba643445318ef45347fafa31d36f48557ecec987e09e3164a0499a25974926dde8f1920157936a43a32f66a08215e32fb03cfc3ca32a5205ac0
-
C:\Users\Public\Desktop\Microsoft Edge.lnkFilesize
2KB
MD50a33c8cc5f3c6777886b53f6fcb7896f
SHA19ff1adc6dc48c89aa8f3e84aae76d59e8967bac1
SHA25613a17d18561f559df873eacb07b6809ea2153dbb2bcacb2ac8b41707e56ae37a
SHA512aa95202af6a3dc6ae5878c3f21e9a1139cebd859c13dbeb9e004b092baf19a6d8955b629dfb2d3e061329f24298d1bf94cd9a5021d8b11d7cffd2e5cfb90e181
-
C:\Users\Public\Desktop\VLC media player.lnkFilesize
923B
MD52290d3b29d2cccef99e913346032f835
SHA1b5a7b250a09abd96d0e4a57c5563402bbd751e72
SHA25672dedc6e7728ac16956b0e426b5b049c84656a44c745d074223378cd21df59ec
SHA51280d17473046a1087f41ae03778e37634f98ff063b69dd32db1a2fc96747891c7fcdb2e4f6b215987210be9059c733d686546683801e063bb56410abbb902d7f6
-
\??\pipe\crashpad_2564_FMTJAIJFKQAWAUFVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/388-176-0x0000000000610000-0x0000000000619000-memory.dmpFilesize
36KB
-
memory/388-173-0x0000000000000000-mapping.dmp
-
memory/1004-190-0x0000000000400000-0x0000000000C89000-memory.dmpFilesize
8.5MB
-
memory/1004-193-0x0000000000400000-0x0000000000C89000-memory.dmpFilesize
8.5MB
-
memory/1004-186-0x0000000000400000-0x0000000000C89000-memory.dmpFilesize
8.5MB
-
memory/1004-182-0x0000000000000000-mapping.dmp
-
memory/1308-194-0x0000000000400000-0x0000000000C89000-memory.dmpFilesize
8.5MB
-
memory/1308-188-0x0000000000400000-0x0000000000C89000-memory.dmpFilesize
8.5MB
-
memory/1308-172-0x0000000000000000-mapping.dmp
-
memory/1308-174-0x0000000000400000-0x0000000000C89000-memory.dmpFilesize
8.5MB
-
memory/1512-189-0x0000000001A9A000-0x0000000001A9F000-memory.dmpFilesize
20KB
-
memory/1512-169-0x0000000000000000-mapping.dmp
-
memory/1512-178-0x0000000001A9A000-0x0000000001A9F000-memory.dmpFilesize
20KB
-
memory/1512-253-0x0000000000000000-mapping.dmp
-
memory/1512-170-0x00007FFD72C30000-0x00007FFD73666000-memory.dmpFilesize
10.2MB
-
memory/1620-180-0x0000000000000000-mapping.dmp
-
memory/1908-183-0x0000000000000000-mapping.dmp
-
memory/2148-245-0x0000000000000000-mapping.dmp
-
memory/2836-200-0x0000000000000000-mapping.dmp
-
memory/3056-248-0x0000000000000000-mapping.dmp
-
memory/3136-242-0x0000000000000000-mapping.dmp
-
memory/3300-179-0x0000000000000000-mapping.dmp
-
memory/3388-241-0x0000000000000000-mapping.dmp
-
memory/3424-195-0x0000000000000000-mapping.dmp
-
memory/3556-164-0x00007FFD72C30000-0x00007FFD73666000-memory.dmpFilesize
10.2MB
-
memory/3556-165-0x000000000151A000-0x000000000151F000-memory.dmpFilesize
20KB
-
memory/3556-243-0x0000000000000000-mapping.dmp
-
memory/3556-171-0x000000000151A000-0x000000000151F000-memory.dmpFilesize
20KB
-
memory/3820-244-0x0000000000000000-mapping.dmp
-
memory/3852-222-0x0000000000000000-mapping.dmp
-
memory/3852-223-0x0000000000560000-0x0000000000587000-memory.dmpFilesize
156KB
-
memory/3852-224-0x0000000000561000-0x000000000057E000-memory.dmpFilesize
116KB
-
memory/4132-221-0x0000000000000000-mapping.dmp
-
memory/4624-185-0x0000000000400000-0x00000000004B2000-memory.dmpFilesize
712KB
-
memory/4624-184-0x0000000000000000-mapping.dmp
-
memory/4712-135-0x0000000000000000-mapping.dmp
-
memory/4740-166-0x0000000000000000-mapping.dmp
-
memory/4840-177-0x0000000000400000-0x00000000004B2000-memory.dmpFilesize
712KB
-
memory/4840-175-0x0000000000000000-mapping.dmp
-
memory/4856-181-0x0000000000000000-mapping.dmp
-
memory/4856-187-0x0000000000400000-0x00000000004B2000-memory.dmpFilesize
712KB
-
memory/4856-191-0x0000000000400000-0x00000000004B2000-memory.dmpFilesize
712KB
-
memory/4872-252-0x0000000000000000-mapping.dmp
-
memory/4896-196-0x0000000000000000-mapping.dmp
-
memory/4948-215-0x000001C8818A0000-0x000001C8818E0000-memory.dmpFilesize
256KB
-
memory/4948-204-0x000001C880390000-0x000001C8803D0000-memory.dmpFilesize
256KB
-
memory/4948-214-0x000001C880480000-0x000001C8804C0000-memory.dmpFilesize
256KB
-
memory/4948-212-0x000001C8818A0000-0x000001C8818E0000-memory.dmpFilesize
256KB
-
memory/4948-216-0x000001C880000000-0x000001C880040000-memory.dmpFilesize
256KB
-
memory/4948-217-0x000001C880480000-0x000001C8804C0000-memory.dmpFilesize
256KB
-
memory/4948-218-0x000001C880270000-0x000001C8802B0000-memory.dmpFilesize
256KB
-
memory/4948-219-0x000001C880470000-0x000001C8804B0000-memory.dmpFilesize
256KB
-
memory/4948-220-0x000001C880270000-0x000001C8802B0000-memory.dmpFilesize
256KB
-
memory/4948-211-0x000001C880260000-0x000001C8802A0000-memory.dmpFilesize
256KB
-
memory/4948-209-0x000001C880110000-0x000001C880150000-memory.dmpFilesize
256KB
-
memory/4948-210-0x000001C8818A0000-0x000001C8818E0000-memory.dmpFilesize
256KB
-
memory/4948-208-0x000001C880390000-0x000001C8803D0000-memory.dmpFilesize
256KB
-
memory/4948-198-0x0000000000000000-mapping.dmp
-
memory/4948-201-0x000001C880470000-0x000001C8804B0000-memory.dmpFilesize
256KB
-
memory/4948-202-0x000001C880470000-0x000001C8804B0000-memory.dmpFilesize
256KB
-
memory/4948-203-0x000001C880260000-0x000001C8802A0000-memory.dmpFilesize
256KB
-
memory/4948-213-0x000001C880000000-0x000001C880040000-memory.dmpFilesize
256KB
-
memory/4948-205-0x000001C880110000-0x000001C880150000-memory.dmpFilesize
256KB
-
memory/4948-206-0x000001C880260000-0x000001C8802A0000-memory.dmpFilesize
256KB
-
memory/4948-207-0x000001C880260000-0x000001C8802A0000-memory.dmpFilesize
256KB
-
memory/4964-249-0x0000000000000000-mapping.dmp
-
memory/5024-250-0x0000000000000000-mapping.dmp
-
memory/5192-225-0x0000000000000000-mapping.dmp
-
memory/5304-254-0x0000000000000000-mapping.dmp
-
memory/5396-251-0x0000000000000000-mapping.dmp
-
memory/5520-232-0x0000000000000000-mapping.dmp
-
memory/5620-226-0x0000000000000000-mapping.dmp
-
memory/5644-230-0x0000000000881000-0x0000000000885000-memory.dmpFilesize
16KB
-
memory/5644-237-0x00000000045E1000-0x0000000004715000-memory.dmpFilesize
1.2MB
-
memory/5644-246-0x000000000BED0000-0x000000000C50C000-memory.dmpFilesize
6.2MB
-
memory/5644-247-0x000000000C510000-0x000000000C529000-memory.dmpFilesize
100KB
-
memory/5644-227-0x0000000000000000-mapping.dmp
-
memory/5644-229-0x0000000000D70000-0x0000000000E9E000-memory.dmpFilesize
1.2MB
-
memory/5644-240-0x0000000006050000-0x00000000063D0000-memory.dmpFilesize
3.5MB
-
memory/5644-239-0x0000000003D21000-0x0000000003D25000-memory.dmpFilesize
16KB
-
memory/5644-238-0x00000000045E0000-0x000000000483B000-memory.dmpFilesize
2.4MB
-
memory/5740-235-0x0000000000000000-mapping.dmp
-
memory/5760-236-0x0000000000000000-mapping.dmp