Analysis Overview
SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
Threat Level: Known bad
The file LauncherFenix-Minecraft-v7.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Downloads MZ/PE file
Loads dropped DLL
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-01-04 23:47
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2023-01-04 23:47
Reported
2023-01-04 23:50
Platform
win10v2004-20220812-es
Max time kernel
18s
Max time network
21s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2804 wrote to memory of 2156 | N/A | C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe |
| PID 2804 wrote to memory of 2156 | N/A | C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
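The process tree above shows the sample relaunching itself as `javaw.exe -jar "...\LauncherFenix-Minecraft-v7.exe"`. `-jar` only accepts a ZIP archive, and both the JVM and ordinary archive readers locate the archive from the end-of-central-directory record at the tail of the file, so a PE with a JAR appended satisfies the Windows loader and the JVM at once. The report does not state that this file has that layout; the Python below is an added editor's example, not code from the report or from the launcher's author, that builds a constructed file of that shape (a non-runnable MZ/PE stub with a small JAR appended; the manifest's `Main-Class` value `launcher.Main` is invented) and inspects a byte string for both headers, the amount of prepended non-ZIP data and the JAR's entry point. Run it over the real sample to see whether it parses the same way.

```python
import io
import struct
import zipfile

# Constructed sample data. The PE stub is NOT a runnable executable: only the
# 'MZ' magic, e_lfanew and the 'PE\0\0' signature are meaningful. The JAR
# contents (launcher.Main) are invented for this example.
def build_pe_stub(total_size: int = 128) -> bytes:
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: NT headers start at offset 64
    file_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, 0)  # Machine = i386
    nt = b"PE\0\0" + file_header
    return bytes(dos) + nt + b"\0" * (total_size - len(dos) - len(nt))


def build_jar(main_class: str = "launcher.Main") -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nMain-Class: {main_class}\r\n\r\n")
        zf.writestr("launcher/Main.class", b"\xca\xfe\xba\xbe" + b"\0" * 28)
    return buf.getvalue()


def build_polyglot() -> bytes:
    """PE stub followed by a complete JAR: the shape `javaw.exe -jar file.exe` needs."""
    return build_pe_stub() + build_jar()


def inspect_file(data: bytes) -> dict:
    """Report whether `data` parses as a PE, as a ZIP/JAR, or as both."""
    result = {"is_pe": False, "machine": None, "is_zip": False,
              "zip_offset": None, "main_class": None, "entries": []}

    # PE check: 'MZ' at offset 0 and e_lfanew (offset 0x3C) pointing at 'PE\0\0'.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 6:
            result["is_pe"] = True
            result["machine"] = struct.unpack_from("<H", data, e_lfanew + 4)[0]

    # ZIP check: readers find the archive from the end-of-central-directory
    # record, so any bytes before the first local file header are skipped.
    eocd = data.rfind(b"PK\x05\x06")
    if eocd != -1 and len(data) >= eocd + 22:
        cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
        # Prepended (non-ZIP) bytes = real central-directory position - stored offset.
        result["zip_offset"] = eocd - cd_size - cd_offset
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                result["is_zip"] = True
                result["entries"] = zf.namelist()
                if "META-INF/MANIFEST.MF" in result["entries"]:
                    manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    for line in manifest.splitlines():
                        if line.startswith("Main-Class:"):
                            result["main_class"] = line.split(":", 1)[1].strip()
        except zipfile.BadZipFile:
            pass
    return result


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_polyglot()
    print(inspect_file(blob))
```

A non-zero `zip_offset` together with `is_pe` is the signature of a wrapped JAR; a file that is only a PE reports `is_zip` False, and a plain JAR reports `zip_offset` 0.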
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | www.dropbox.com | udp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 8.8.8.8:53 | files.launcherfenix.com.ar | udp |
| N/A | 104.21.72.175:443 | files.launcherfenix.com.ar | tcp |
Files
memory/2156-132-0x0000000000000000-mapping.dmp
memory/2156-142-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-156-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-159-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-162-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-165-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-168-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-171-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-174-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
memory/2156-176-0x0000000002FE0000-0x0000000003FE0000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2023-01-04 23:47
Reported
2023-01-04 23:50
Platform
win7-20221111-es
Max time kernel
147s
Max time network
151s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12776" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB6BC181-8C92-11ED-BED5-6EE2660AF6F2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb8000000000200000000001066000000010000200000006efdf46cb13020367a6eb88288e20b1d1370caeac371b827f8723439909552df000000000e8000000002000020000000f2ad0d0f7436d89dd0515995972f3b4b57a5c4b96b6cd2f3d8b726de97765b1720000000c8e431cd04e8a8d4e2b1525b91588c89dba18eba628d1c8c328309fbf2fcf794400000005d3b8baa8bab4daf9504830580190cf11f7458ef6b3a10e373b6815d0690041fdf94df245fd876b918dfec7abca239744d5c2cb6b4adc70fc987cf12a3d84aa2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "58" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06836a79f20d901 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar\Total = "58" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "379644737" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar\Total = "12776" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar\ = "12776" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar\ = "58" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar\Total = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar\ = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage\launcherfenix.com.ar\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\es-ES = "es-ES.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre7\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Program Files\Java\jre7\bin\javaw.exe
"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6dd4f50,0x7fef6dd4f60,0x7fef6dd4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1096 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1876 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://launcherfenix.com.ar/wope/register/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3312 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3936 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4112 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4580 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4568 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4556 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4348 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4540 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4480 /prefetch:8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x568
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,5622958231644029598,13246511695029304756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3600 /prefetch:8
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | www.dropbox.com | udp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 8.8.8.8:53 | files.launcherfenix.com.ar | udp |
| N/A | 104.21.72.175:443 | files.launcherfenix.com.ar | tcp |
| N/A | 8.8.8.8:53 | launchermeta.mojang.com | udp |
| N/A | 13.107.237.67:443 | launchermeta.mojang.com | tcp |
| N/A | 8.8.8.8:53 | profile.launcherfenix.com.ar | udp |
| N/A | 172.67.153.84:80 | profile.launcherfenix.com.ar | tcp |
| N/A | 8.8.8.8:53 | iniciolauncherfx.tumblr.com | udp |
| N/A | 74.114.154.18:80 | iniciolauncherfx.tumblr.com | tcp |
| N/A | 74.114.154.18:443 | iniciolauncherfx.tumblr.com | tcp |
| N/A | 8.8.8.8:53 | assets.tumblr.com | udp |
| N/A | 8.8.8.8:53 | px.srvcs.tumblr.com | udp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 192.0.77.40:443 | px.srvcs.tumblr.com | tcp |
| N/A | 8.8.8.8:53 | static.tumblr.com | udp |
| N/A | 192.0.77.40:443 | static.tumblr.com | tcp |
| N/A | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 8.8.8.8:53 | accounts.google.com | udp |
| N/A | 172.217.168.238:443 | clients2.google.com | tcp |
| N/A | 142.251.36.45:443 | accounts.google.com | tcp |
| N/A | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:53 | launcherfenix.com.ar | udp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 216.58.208.110:443 | apis.google.com | tcp |
| N/A | 216.58.208.99:443 | ssl.gstatic.com | tcp |
| N/A | 104.21.72.175:443 | launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | launcherfenix.com.ar | tcp |
| N/A | 8.8.8.8:53 | textures.launcherfenix.com.ar | udp |
| N/A | 8.8.8.8:53 | www.paypalobjects.com | udp |
| N/A | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| N/A | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| N/A | 104.21.72.175:443 | textures.launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | textures.launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | textures.launcherfenix.com.ar | tcp |
| N/A | 104.21.72.175:443 | textures.launcherfenix.com.ar | tcp |
| N/A | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| N/A | 142.251.36.14:443 | N/A | tcp |
| N/A | 142.251.36.14:443 | N/A | tcp |
| N/A | 142.251.36.14:443 | N/A | tcp |
| N/A | 142.251.36.14:443 | N/A | tcp |
| N/A | 142.251.36.14:443 | N/A | tcp |
| N/A | 142.251.36.14:443 | N/A | udp |
| N/A | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| N/A | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| N/A | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| N/A | 8.8.8.8:53 | partner.googleadservices.com | udp |
| N/A | 142.251.36.2:443 | partner.googleadservices.com | tcp |
| N/A | 142.251.36.2:443 | partner.googleadservices.com | tcp |
| N/A | 95.101.74.137:443 | www.java.com | tcp |
| N/A | 69.192.66.17:443 | static.ocecdn.oraclecloud.com | tcp |
| N/A | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| N/A | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| N/A | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| N/A | 216.58.208.110:443 | N/A | udp |
| N/A | 216.58.208.106:443 | content-autofill.googleapis.com | tcp |
| N/A | 142.251.36.14:443 | play.google.com | tcp |
| N/A | 142.251.36.14:443 | N/A | udp |
| N/A | 8.8.8.8:53 | fe0.google.com | udp |
| N/A | 23.222.18.199:443 | N/A | tcp |
| N/A | 95.101.125.213:443 | www.oracle.com | tcp |
| N/A | 95.101.125.213:443 | N/A | tcp |
| N/A | 69.192.64.212:443 | c.oracleinfinity.io | tcp |
| N/A | 95.101.125.213:443 | www.oracle.com | tcp |
| N/A | 69.192.64.212:443 | c.oracleinfinity.io | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 13.227.219.60:443 | consent.trustarc.com | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 173.223.112.132:443 | N/A | tcp |
| N/A | 15.236.176.210:443 | oracle.112.2o7.net | tcp |
| N/A | 13.227.219.60:443 | consent.trustarc.com | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 69.192.71.29:443 | N/A | tcp |
| N/A | 69.192.71.29:443 | N/A | tcp |
| N/A | 2.20.8.83:443 | sdlc-esd.oracle.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | tcp |
| N/A | 8.8.8.8:53 | sb-ssl.google.com | udp |
| N/A | 142.250.179.206:443 | sb-ssl.google.com | tcp |
| N/A | 8.8.8.8:443 | dns.google | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| N/A | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | www.microsoft.com | udp |
Files
memory/1372-54-0x0000000076331000-0x0000000076333000-memory.dmp
memory/1296-55-0x0000000000000000-mapping.dmp
memory/1296-56-0x000007FEFBF11000-0x000007FEFBF13000-memory.dmp
memory/1296-69-0x0000000002230000-0x0000000005230000-memory.dmp
memory/1296-70-0x0000000000370000-0x000000000037A000-memory.dmp
memory/1296-71-0x0000000001EF0000-0x0000000001EFA000-memory.dmp
memory/1296-73-0x0000000002230000-0x0000000005230000-memory.dmp
memory/1296-74-0x0000000000370000-0x000000000037A000-memory.dmp
\??\pipe\crashpad_1644_NRRRNUOBISPSXWID
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | f569e1d183b84e8078dc456192127536 |
| SHA1 | 30c537463eed902925300dd07a87d820a713753f |
| SHA256 | 287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413 |
| SHA512 | 49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 8f073d21c993ebc857826c5dc4f784a8 |
| SHA1 | a4fb8dfc3f22903d86ee4ed1b0c4d1136e7ab67a |
| SHA256 | 1314da79688f14cf8e85dea989b969411b41a213f385165f8c5cbe8b2aedd8ef |
| SHA512 | 13434358bd52cb202a0616fc609c1f8da1a4fa9dd8c66b4ae6526701ab847c2d03758ca23621b9d2c70c8b5e42187ee7f9e70523821778355672d4de56ca60a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 07f2d2d2ca488fc3db059f10f3b98e81 |
| SHA1 | f657ad4038fbbe67d6caf3c72d7082afef0527c5 |
| SHA256 | 682e56155214f6ec4061af2f42aa0609973d40b2fda04c2a4b2f2422078ad09e |
| SHA512 | 13091283822d1460af6dc81e53f2815d7832bf12507767477662f49f18aad69b9b02195cd853bfc73f39cb44b9a07d94b4886730055e86c5bdf26b189fa8e9eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 93f6a7a31c5592d841e46c036ec189a3 |
| SHA1 | ba63a2cb7a181798d64f47a1cf1a3477e5118c7b |
| SHA256 | 275447ad8a496d2f1e2d90caed534e9e73f630a7633f4dc2ddfb8862ebb55a7e |
| SHA512 | 360593941583ff1b76f414bddd60f2e91c27bb3f055154dc0b685c6d2ce2af0a312b4c929434294e10a131fa23f15c436f571fa57483853c1c7c8abebe3357fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_18CF33A810D0A2D5C0C28C211FE5F3C8
| MD5 | 5dcd3e3f6440384500af24c809a3f175 |
| SHA1 | 3a5df7e2369c9d65865d73410b0cac87e1b5a54c |
| SHA256 | b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df |
| SHA512 | 857ae1a764d38b13efefab0e1222c7aeed2b446f3d1348ae8ff1f7048aab2e6ce5662bae0bd7579169ca0335d17d43b6a5664ce065ee6d16feac7e82e4183611 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_18CF33A810D0A2D5C0C28C211FE5F3C8
| MD5 | d4293e9fdc04bb52edafbc22de8c198b |
| SHA1 | 1526043510322bae674c5d84e18cca9b9a09441f |
| SHA256 | ef7b9de321751cf8a6be129865738e9850f7f59a1befa641681b0569f7d16ea5 |
| SHA512 | 84dc9fd0bb698a44b4705b82f1ee1628809252c4b03ee9489ba414d0721e626cdccb06b82b7926fe7efb19f732960e119ae8cdf673a79a0fc0e5f312b575bb4e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mlf2v8h\imagestore.dat
| MD5 | 1b988ab3b687cb174223cf8db940091a |
| SHA1 | 53557ec71d582f3e37794a404e14ef85f83403fe |
| SHA256 | 11976b6fdf3ee9bdefa419c89affcc92607e6893f81e9236567f551260bf1079 |
| SHA512 | d8d72bd44c27076b0e2dca6056ac891f679ea35ea149d4483a21090d0aa0675d15574c0e6a182d09c76d3f0fb32d226b2bd884f3c50326f71c8ab27463c97226 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_259154B02A93A7C95A00126214FBE388
| MD5 | 7c8811382bcd40ec65e7a6e339e94904 |
| SHA1 | 38d741442c52bcdde863d1a2d593ce0c81c7efbd |
| SHA256 | ce5c1060c028784381224586783b9b0943fd14947bb15bb38e6d401a1a221c23 |
| SHA512 | 8cd9b88c6db7ab910df19289e2e6fb4a7528d484df4e1168440136656052152392b00b11c8a492fd469d2d60641cbddc97e7da5c4783ae712f26fa9d31adb101 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_259154B02A93A7C95A00126214FBE388
| MD5 | 0a661f9237bc6b63ac68dd1f44966937 |
| SHA1 | 859435cd8ccb49e02879ceb05d7850be405b08ba |
| SHA256 | 76ca4901aefe2c23063cd146bf564d00f004b93d0bd0036100df5e9f7d09b3ca |
| SHA512 | bc04630a65f007244175a34b5040fd4aaed4e23ca6793d26529e018a3c7e1ac77814470ed062ea43cf6f54170d8acf35dcee7445a0df41f9cafd5e22ee96f9a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_ACA51E1ABBF1573BBD9B48CF6AC4217D
| MD5 | 561e959ce9eff04b09da6f3def82f549 |
| SHA1 | 7866f989cdfb160709f4c93b767fd01e5553d75b |
| SHA256 | 9076b4ae1a34ab02b362ffa44ecbf6d579f82042cfd7e7138977477ea5bd3e61 |
| SHA512 | 3e3ad98d38d37962518febb21eba312e17e26301bd06bcfd1ec4a7b1cf8c7eba23143872ceeddd794a342750dcf481ae197f04dd7e74bd71fce68858e963b380 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_ACA51E1ABBF1573BBD9B48CF6AC4217D
| MD5 | dc84aff4c0c427e1b7f285a89c18ab9f |
| SHA1 | 9978bcb6700ab874d4bb863b111be2160f3b70f4 |
| SHA256 | dbb54336e170f3282056f1b770108eecfa8432fc85703deb87d8e4e91efa4571 |
| SHA512 | c1b927cae513315f4153084aa6e76356bbf09834e8b64ef03af7a1c39d548bea5dc075feee5222d97bb3551bb6956d65d19c4bde9a292ae48ccde880e46ec783 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | fc4666cbca561e864e7fdf883a9e6661 |
| SHA1 | 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5 |
| SHA256 | 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b |
| SHA512 | c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48321f4a22d3653231721ece077c3644 |
| SHA1 | b1791aa22d52befde42f2997600774f28530184d |
| SHA256 | 2a42ac00c528057527c99130ab785acb5e10a9ae835d66436f78f953f3da2d9f |
| SHA512 | ff9e4b14a501d8284941f26b4d90dcb1645b2bc7559b71631fec609e243a0a90a88dc82388de953bad0ced9ff8a1ffba34fc3f192a97682c7a8e0e1ea315e458 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6625584d62b4dfd419bc167ce2ae989b |
| SHA1 | e7dbce49e50294b45e8ab8918f8fb3e810cc28b5 |
| SHA256 | a2f3b17b1fd75707cb053295882fc9e18068e52e2e4c195497d95286ea91797b |
| SHA512 | 9434c6da13b4f094ce0d1c258b33d57d183ff51162955e049d3bb75ba149780ea72a29941a4b0a73c6bb70e23fd31f16657a820336dfa8744112f25bf3475cde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c29e015a75f4e4f256d1e8eb7a0a7e5b |
| SHA1 | fc5698463fd974148458497a695abdeee00583f9 |
| SHA256 | 11d01ec5ab41aa915fbb510e3f41515d217f6bd9a2e265347b1697fc5eeb9d27 |
| SHA512 | 627f2d8474a5c8c1fb6be95c0fc7b43a4421bfa3f73c3ecf91216dfe3a1bf33be76da68c9634d8a4e606be694f27e5b1ecc48d62e975bfe721bb8eacd37639a1 |
\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | 7542ec421a2f6e90751e8b64c22e0542 |
| SHA1 | d207d221a28ede5c2c8415f82c555989aa7068ba |
| SHA256 | 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6 |
| SHA512 | 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DL0NLAWJ.txt
| MD5 | 43cf5337310913ddcd16f65a8b3724ab |
| SHA1 | 3a5dcf1a734b084092805ad6198ee1e12a798564 |
| SHA256 | ecfc0a582cca83443351628e9ea7efc13a7b1a33ef52e60ccaaf9256ba444454 |
| SHA512 | d93233869770323c22ff6bb094248e7eb85f85f540cff5e8a12ad8a1aa32e7a4909946b50504f8fccc6a75793922b3ea3405d07164b2befb2ad583d16818d41d |
memory/2572-99-0x000000006E121000-0x000000006E123000-memory.dmp