Malware Analysis Report

2025-08-11 05:14

Sample ID 240505-swxltaha33
Target sample
SHA256 b6d1a666ae9603e2205c01ffccc447d56c1062e467721407b523ac489ee862fe
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b6d1a666ae9603e2205c01ffccc447d56c1062e467721407b523ac489ee862fe

Threat Level: No (potentially) malicious behavior was detected

The file sample was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-05 15:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-05 15:29

Reported

2024-05-05 15:31

Platform

win7-20240221-en

Max time kernel

63s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000ed38d4264c886e78d99a924f2f168332972d3dc67ea96f238702c58781c3699b000000000e8000000002000020000000db087c99c6177ee16e0f4ee06cbe94949527dcef71606b333b39a6c0ae093408200000008479302726f6af69353c8019110432835cf3bc9dcf61ee41ab9d655a076ec34040000000d1dbae54270316f506f4aa449fcbc82513f6eac4d2d1066fadc60f5a8e882dd8f1cd260478b0d6129668cf4e9542725260acb30b65f34d97e55b34f4eeaa3366 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3EC877F1-0AF4-11EF-A5A1-E299A69EE862} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b65713019fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000003694ec99178567e07bbac8b7aced946b8673953df4a1102295c3dbfdc3d573c4000000000e80000000020000200000006cabd2a76ea5f7c079c55c47affbbdf24a315267e1c3a9ae63fb79100feed30c900000001617cdab4e700f7ae7c7ae76c71da984a176e4192a24b92c694bfa66386c4db9a56b4dda609f4e638ad08962d6dd7f97168baa89f72617b193bc253c13e9331f48dbdf2a410521d03e8fee15d8bbb0727aeb84b7d5bbea7ca3d3992bfdbcb4081bbcca47830df532ed9ab91da52f4b491a2e078c333c20b492b9c25053fda0008b80d7cc7d0b226dc87cedba06683e1c400000007653fd397933117a9c74c0e11ed0c3f06852173c4cdc94b30a2dc60001689542c7ab71d45cbd433a0f9692b667435d3ee9922504af26813932489611da45f5a6 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2412 wrote to memory of 1712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2412 wrote to memory of 1712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2412 wrote to memory of 1712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2412 wrote to memory of 1712 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3040 wrote to memory of 1856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 1856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 1856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3040 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef52a9758,0x7fef52a9768,0x7fef52a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2192 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2828 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\csrss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\utilman.exe

utilman.exe /debug

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

C:\Windows\System32\Magnify.exe

"C:\Windows\System32\Magnify.exe"

C:\Windows\System32\Sethc.exe

"C:\Windows\System32\Sethc.exe" /AccessibilitySoundAgent

C:\Windows\system32\sethc.exe

sethc.exe 101

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 roblox.com udp
NL 128.116.21.4:443 roblox.com tcp
NL 128.116.21.4:443 roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
FR 128.116.122.4:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
DE 18.173.154.83:443 static.rbxcdn.com tcp
DE 18.173.154.94:443 css.rbxcdn.com tcp
DE 18.173.154.94:443 css.rbxcdn.com tcp
DE 18.173.154.94:443 css.rbxcdn.com tcp
DE 18.173.154.94:443 css.rbxcdn.com tcp
DE 18.173.154.94:443 css.rbxcdn.com tcp
DE 18.173.154.94:443 css.rbxcdn.com tcp
DE 18.173.187.93:443 js.rbxcdn.com tcp
DE 18.173.187.93:443 js.rbxcdn.com tcp
DE 18.173.187.93:443 js.rbxcdn.com tcp
DE 18.173.187.93:443 js.rbxcdn.com tcp
DE 18.173.187.93:443 js.rbxcdn.com tcp
DE 18.173.187.93:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
FR 128.116.122.4:443 www.roblox.com udp
US 104.18.33.170:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 locale.roblox.com udp
US 2.18.190.83:443 apis.rbxcdn.com tcp
FR 128.116.122.4:443 locale.roblox.com tcp
FR 128.116.122.4:443 locale.roblox.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 2.18.190.73:443 images.rbxcdn.com tcp
FR 128.116.122.4:443 locale.roblox.com tcp
US 2.18.190.73:443 images.rbxcdn.com tcp
US 2.18.190.73:443 images.rbxcdn.com tcp
US 2.18.190.73:443 images.rbxcdn.com tcp
US 2.18.190.73:443 images.rbxcdn.com tcp
US 2.18.190.73:443 images.rbxcdn.com tcp
DE 18.173.154.94:443 css.rbxcdn.com tcp
FR 128.116.122.4:443 locale.roblox.com tcp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
FR 128.116.122.4:443 auth.roblox.com udp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 128.116.122.3:443 ecsv2.roblox.com tcp
FR 128.116.122.3:443 ecsv2.roblox.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r1---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.gvt1.com udp
FR 128.116.122.4:443 auth.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
US 8.8.8.8:53 api.bing.com udp

Files

C:\Users\Admin\AppData\Local\Temp\Cab25EB.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar26CC.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb0c888c90ef2704c80133e37d124656
SHA1 27896ae043b6a38e30b2ec40f7944df0be363101
SHA256 1aa294d5cdbb3e9828cda7177ab3f0bd701b2883e01184b4d9151e64871cb1e7
SHA512 a84f95caeb31eb56950a126f3a83694c6cd87ae4545f750c0985b705299b38c60ce52559831485bbd07ec80704366f12ebee78e89a1d7a5fcfa34aa73ac7522c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a22f53052df872e100d40c97758217af
SHA1 7472d725ba5c969c9a327fdbc5748c8e0390d60e
SHA256 ee5879cc4740dcdaaa87889477731975fcf77e6d7463344ba52e153284a89673
SHA512 ab67c9376a3eabd82dade1ffbc63442ed35cf07c5fe42b71badcea050771c5242acc737ffa0526ace4a3d6ed94b94e6761424082a9977cfbfa213c2e56933915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb397e907d93f05c498bd1fe20f8b72e
SHA1 35b7dd4f0a44c52cfb85cd50ea1d0d9cdb06f660
SHA256 487a7738554b03a8f5f878443f2d052913fefc5c386ae266cef68bf67aaed373
SHA512 cce102d90b1785e85b1e4a7c123df6246f1099b4c14435c1bbf31b326a163bbf3cb37530c244afa22a79f7364c76e9c08f4855d041980eb06a00dca77a743d91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 808ff031eaadc052fa3df151899ac689
SHA1 d751a866244e1def2498d9b57c43f6f10f520853
SHA256 233ce5120cb2a4aed876ddc12af28815b769ecad2e13d187fe94504316906ad4
SHA512 3412276a45b5984f95522c39ba9f5dee0afd60985a576025168f268d02e31f83c3d2268ee2dbb5b89a80fd51cb4b40dca3eb88486a4b13a8bc81aed9260ac367

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c6086243160b4216e939de2345289b4
SHA1 82b507bc371049599d15d141e77a8cdd8a2da5e9
SHA256 3e8069236ecc6051e5196177024802b9c2118b469f680484f22baef9435946bd
SHA512 43667d605c518fa034e2fce0b2d9ad4025d96819e28f02faf2f669202ac4bad77d7934aabcdb0da4aafbefead337a3f4cd2c4e1be0cd67f72c569770e22a6103

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f70b3e565b79460fd321f2372ce23b59
SHA1 38e0682f89b1c8b6b64aaad4d06e44480cb57d99
SHA256 33305a5044106f9e67c2c43e64c8dae7ec30717bf9d484609d56e370039ae46c
SHA512 ed030285f3bef7dc23b5792494f9cac3fb2da9d8626a775480bf36e06de89cf684c6a7cc6df6c022537e110ee2ee6eeb772c657dcc7bcb226860ba4330c0028a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9663b31c162a4ec0c545b1dff36c9bd2
SHA1 b64e4e46c8f49dd9285a248d95af85290a867d5a
SHA256 c7d105d6cc78af7a997f4d5189abd897dd25a6dfb54e0b6e2d869d65c3fa3571
SHA512 09cc1a71d7ec39fdd23d59e96c8a53211ca69664a36cc1a09b12f1308d6a6b578e6436f18d6a8d4533092457eedc3b54e8c1e3e52d08e89ac3284561558db97c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68513563cfb0844565cbd12c93dd47c8
SHA1 38919bb2566bdd3ccfee18bea4230afe1e7d56a7
SHA256 f9d37b530681e8c683492ff0ce46251b707f6bccf2fbb6b14c475fb7f3152a4d
SHA512 71ae78d7fe2c6eb8eee271204f889b7736878f6693e9bac52b70ad8c022c029c25608007ed81de5d24d9f7bf524f3496f6659fc9a5eaa12e2c45c41fd627aaae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 044ebe56cdafa37446ce3b6abbc10fd8
SHA1 4cb78cc1c227b12691d29331d88e74f32e521bc5
SHA256 6ce76780675687754b330ae01d058987963c1d010d7ae8499c21fcb2f93dbac6
SHA512 137ff7b352257720b1176c92ad13762e423e39236ff1128dbedc8baf3d0d9ff9ae448a4f8e9a44d359c46ce4f725af8ec8646fd954325f3b954817fb8269144c

\??\pipe\crashpad_3040_QRNHURHTOFESCPKB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9825c620461e8ee6e5d53f18bce8c8d4
SHA1 9920ced71fc50185478e02c7e7f5c51f16cf616e
SHA256 b755d279fb35b4d275d78f5f2e40df1f76390cccc8e01e5161129b8400987bcf
SHA512 b00f3ae2a4d4cab5cef87334db20044082be0808956891bcb8bd2d3b75c15af82bf9b6cc355bb3b7d6e16cacbc1923073b529aad4dfcd72e7fd7600472a8a87d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c31a4abdecd15197711fbe32ef17c40
SHA1 ec6a361732a1f6fa59a0933742fab90f8a12cc8b
SHA256 0f6e25d3a4c883ae12b83e9aedcde22c32cbb463c9594a811760fb0b0886b3e5
SHA512 7cfed2ccab11e1575587709ffdccc6e40196975306abe2ecab8b574e4fdb3c8d7078e50d8d5eba068697a7708c14584cf9feb7bf8e6a97590a1f8ad4266f6094

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 792adfd387648985c50ef074683bd9f9
SHA1 f91d5a9240cc56d49f70e36f08c69e69d6140d40
SHA256 5ee3461878db7d07dd2031e95fa3f2ba3d00f8bf4b066068c3b5e1fad54e4dd3
SHA512 0c88da987afe24c10dcce7e3fa7cdf75aa3d7c186ef5119b6040e9f1a7fde329802d6cb260a27f93cdc03100d45d84815ed023de9009a45e07aa88616115cb94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06c9ecfd85773aba0500a0360a25e1de
SHA1 0ba0ca909b9daa011023aa37fdab8366d28f0d4b
SHA256 283f0de1731b2ce16ff061730cdb341e6d7b99fbf2aaf11c8cac83f1214adac8
SHA512 4feefa7ca585fd9754b981a74f8b181ffe1224797ce57cf3cc6af653e35bc5ffe4b48cf56d2dc1bc7b7a8106f7cfbb3cc41258f1170ef5d268f22c8bcedf7a4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bf30cc9eab2809baf8bcf7215c56167
SHA1 86ac6b7fe225ded7b81b7e42b0b7ca5036f8a7cd
SHA256 c526d4091a7220f5a6c9f006aa7f47aa777ef0d97f07da7d8e28f817e869f7fe
SHA512 a4d2dc360b6f786d465f10e29555756fd58d81cdf41d110523d100b34a3937bc87953133824f28723696037ef6136e9c81a1b5119421a2b8f5aa71a3fdc33973

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 354b3fe2f30e7a3b92d2755282d9de18
SHA1 498974c75e3dcb1235ed2c5fff3f60bb104c956c
SHA256 d1ffbab86f07ae4d5332e31fbc9ed11ba05ff7c5e104a9edb9cd15d335ae449f
SHA512 cfe087125845417df152e2255b28a6ab13f4f7b02b87c35765c5027af1645b57e6733fd194c3606db7bb9c08659c1bfcba4d938f7e6977d5980b9ef9b3361c03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70a906830c11b7f3dc6470f22019d845
SHA1 e577d9b48ff16c753db4f7da13c4cb9eb0fe1603
SHA256 44f79832598f682f182d5d43d900e813f65fb2e8a886dc535f8285decdfc114e
SHA512 5124844b40dbee8a1951076bcb04089b216f62d02b5e421c79451fee4789180af4f47f27cc6e7635c409c7771c6c5c6d814aab52b0480283d1c9722ae993b20b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 960287cf3c28f67a33b1b0d66b66f73f
SHA1 efb497899b1f958f77a380de009401020a53d1dc
SHA256 b7386d181a2cdc9580fc4c0a695a1c910bc8ed27420e3698d341ea6bea39263c
SHA512 bd7fd1e4090ed107b0ec2de223afdf8575d3ff48ebf566c0f2f4203e0b121b8cde175084c222da92694c915c86f3853e63ba846f6b15fb2f74671c1070dafe54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3514fec2af9c1c3030cdbdfaf6d6b2cd
SHA1 f5c960e6529a3cd7a5e674477f0e573808a855b8
SHA256 15bdde27efc6976468e20bf2ee1879d6efc6d67cc2def74491cbdab8ee546bc7
SHA512 36122d8b0bb5282cc37efaf3aba224988ab18ee19e9ba6aa8b0ae12bc085b91001e31909695fb588bce1fa6454a0ae34f92fa95f6fa299783c151e698b465105

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\139376f3-4c14-4f60-97f1-43f831e96fe0.tmp

MD5 b44b2aa2c35da6d5cd95e49ece7460a1
SHA1 1786370cb1472b938eca5d2c467fb89fda8daab6
SHA256 1cd7f778f708a7f23dd7942ce6af1b1f5c5b39eabb605bfe6a674536ed913140
SHA512 4bfe52dbb3a5a2c3e22d158b3e35cd115cae36da22847764d6c7fadd5a958cd16198544eaf5cb681dedb6c5216965cff8928b0b26455dd6d4ac40d0160e613b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a69406ae599317937964e68a8ac6b2fe
SHA1 2fb474f518173bf6b03fc24b457cf399ac1636bc
SHA256 ff17ae8566adb69aa3e92d41072023cce96be33b17fdeab4f1374be9cf3ba671
SHA512 3065e9b535a3b18e009009c1eb4c4552ee360942bcb02e8ef03f4ff7d55951f1d818c35556b45a7ee003f69a0c8f183eceda0c6ad9879baa17b8556cb95a3ae6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 c48db15d282766fa2975156c3173b2fe
SHA1 06997fe9ca92f3f7d1a03010a704c8174dd3cf91
SHA256 35139644e00e2fd84a3e473078620901c21d256b70d25c3184ff079e7322e3dc
SHA512 5fa8f4489f05cb5b6229c62cc49686e227f590863f0f8295a9d3bfdeaa0979f0981e672479da9e7c6ed82e535c1bfb8a723702bffc9c397477ad138adf5c882b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 793b639f0483074bf878fcf19c131678
SHA1 b1a2ef0fd4d7944a9519e54e3201a05c62c90415
SHA256 b214fce2614aec5046a24ad48e5023ae8d29fda0d8c510f6dfa116f684566869
SHA512 1aa25f77f1075f79f9d188ee9bb4a5569db406f2cbde550c7eb6c3377d3bbea5cfe86f1328248f8772020a90093c133de90c09cd2e50048fe2d400e807526238

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 372a45f199b972e4117d136a9701e727
SHA1 a8339d023633aed5f5540d5fe3117ac84dc6bfb9
SHA256 131689c5e035f92300d36fabc47d74c81ae4834e7320b3ffa2e074a8daf357a9
SHA512 e1d6cc8755603eec6b6277c2176566a085be1b7331e8772fe473b4a32d033bc17e485991b6e8a137a6eddc578b56a29d27f8e3d4eb85ad1141cfa5527391f7a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 782fd7d8b7c62d2c338814d2b37345cc
SHA1 f36da6d98f03e80a62c747bf5e623ad783cb0c4a
SHA256 063f628f132923d1113de31712cf115fc61ddd19bb860e3564a9777d1266c4c2
SHA512 27a1feaa8464c65982b5d16eecde758465ab01bc023e5ba66fe720892cf738702a8ef50c45414c6996cd479b53805b71d8c58e875acf674b262deac31b6cf4d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6fc3669618bc2705907e2023be276b72
SHA1 9e2ebb64a3a30f5c532c899b0f6558bfef8414d1
SHA256 142fb75ceeb93ffd20d4f00ab22846e8abcc9fc83d8dc55b4dfc5412a59b1f9e
SHA512 81966ecf0361789ffb1536c559a563f62d961c380bbd53c5f9e8dd2a03c04fe0df400b495d9aa7de1605c80f50d751da3b025bac44b01c9964bd488f8aa0d401

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

MD5 4604e676a0a7d18770853919e24ec465
SHA1 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256 a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA512 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\75674d08-8169-4d7c-9d85-7c5ca2ea0632.tmp

MD5 068fac7ffbbbba47d73ebc7a1de30aab
SHA1 000ce0b32b44b8c2daaa33823d74783730a225e9
SHA256 909ecb7576aec4a9541081a685d90b48d50250bb45acfaadc687a414eb1ce443
SHA512 8379c3333ab350271979c693a4e0979adebd25f8d45a76f54174f7143d42f0aa8d5c71d8b4e1616cdba377a0187a9eaf715c6d8e83727fca91d65eb2eec9ba48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5b2f2b0a22cc98246a2a526bad51acc1
SHA1 f23d07c0f49085ea550ea1692eb484fbca47676f
SHA256 91af1480086430a32ea6a8c3683533ccd4448447b22c2907bd5d918916718477
SHA512 fb4f1255f54c63d2af4303b1b772072dc8755a1113fb0e222b713020b6a5ffad3021cfd573437853c0d6e28db108e616129c7390d8cf57219a5c235c7a40a5e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8fd9eb62420dc87e23ed3efa9b7b6c9b
SHA1 dea2b37be93e97707c16f54d096bb63a16399ac1
SHA256 611bf0a3cc41790b00f85a904551b283c106b2a5c99f49cbd3e5e3d162f069c9
SHA512 b4312498f4956e9617392a06a09fd87b0954768539367618ce8a170abe320061489c51bc55a369cc98a124f913788ab562417602a72c4daa09fcd65e7c0bb3da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ae5ec604d9d383b4ff35b4a76ee33de
SHA1 803e5e241fe7f27aac2c1f905031e646e217c9ee
SHA256 bd00df13af59756f3d9f8869646101d3c153ee8d62f4de45dd869cef2e884d1a
SHA512 d697242b9e7ee42c9c3406307c27fe8e4c8b6c44f5f8080b7dcac4d4102ab80d91568aafb52aaeefe797bfaa66718f7f065df2fd731998d8b5be11706b797dce

C:\Users\Admin\AppData\Local\Temp\~DFA3FF6E5E292FC12B.TMP

MD5 2e8a71bfb8c3255989342b60a6599bea
SHA1 fbdb5221a1fa8ee83061d0134debb6e76693f62a
SHA256 f948350c828f9ada22f766d2271ffa75adcf07e3a945209ba722bc0cbc12dada
SHA512 f6b8afd6db47fc550de8f0f09f44a1223c16c8c482bdd31187e5afd3c1a9747836de6a2efdec9a81da5ec5812f474f66decbde97b9eb6f964d3369ac5556ba75

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{3EC877F4-0AF4-11EF-A5A1-E299A69EE862}.dat

MD5 2616404420b159d9279da4fcf4065dc5
SHA1 fb5a05687f2d8c63eeb16e582d3dbeb936c1c0f6
SHA256 c40436c224d9ed7897b13e85253f4620f3d48a10dc6395517a74c6f0eebec3b8
SHA512 193540dca5eb02f64bfa4be86b68c9564cb111a9c39c6aa6f16eedd6d0a64e92b6603cc1c1e5864ec35913afa324b4f9f9faa905e1690be347ad8b97ccce6cca

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{5339A170-D0C3-11EE-87E8-C695CBC44580}.dat

MD5 a0b1f8ee67ae4e02e7aaee364f42cf28
SHA1 765888089848e7ded4b6f58344e1791ec45609ed
SHA256 3e2cc4efeae0f5875176b988e0cfa92836582e99e63b7a1e8869f2adcaa1407b
SHA512 2c654f73aa64e9190877bfca8cfeb2c43e0b63346b6ef5d1293e16635929df877d1d6795a84da3cd38a56ed655b725c36bad98c160395bbffa7a35a745d6d246

memory/2864-1467-0x0000000002D90000-0x0000000002D91000-memory.dmp

memory/2792-1471-0x0000000002F10000-0x0000000002F20000-memory.dmp