Malware Analysis Report

2025-08-05 16:06

Sample ID 240608-k194psaf4s
Target https://shinolocker.com
Tags
score
1/10

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file https://shinolocker.com was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-08 09:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 09:05

Reported

2024-06-08 09:06

Platform

win7-20240221-en

Max time kernel

18s

Max time network

16s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://shinolocker.com

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ee4f6bf40a6b841b2dbd7e34b8aecaf00000000020000000000106600000001000020000000d8022fea281aadebcfdbb3752832f8733d52c18d6ed6e0dec563fb28059fe6fe000000000e8000000002000020000000052059623f764f4b7e716e30c61fd012f11b6d1345d2acaa9e87302892cce40420000000f1fc9f26a729d6c19512237e4545e5376a519a907e6fa29582f34dd9617477d440000000309ea1ee2db1ee2925b776e71165d0720aa38b7d59f79bf47464f1a59e260646af7cc594284a3fd77f8989a12a3f7bcbb8effd3a652650f62d8ee07561563c48 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5163E2E1-2576-11EF-9DC0-D20227E6D795} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f30f1d83b9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\SysWOW64\msdt.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://shinolocker.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\msdt.exe

-modal 393500 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF5570.tmp -ep NetworkDiagnosticsWeb

C:\Windows\SysWOW64\sdiagnhost.exe

C:\Windows\SysWOW64\sdiagnhost.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 shinolocker.com udp
SG 188.166.237.163:443 shinolocker.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab511F.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar5201.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\NDF5570.tmp

C:\Windows\Temp\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\en-US\DiagPackage.dll.mui

C:\Windows\Temp\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\DiagPackage.dll

memory/2756-834-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/2924-835-0x000000006FEE1000-0x000000006FEE2000-memory.dmp

memory/2924-836-0x000000006FEE0000-0x000000007048B000-memory.dmp

memory/2924-837-0x000000006FEE0000-0x000000007048B000-memory.dmp

C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\NetworkDiagnosticsTroubleshoot.ps1

C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\UtilityFunctions.ps1

C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\en-US\LocalizationData.psd1

C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\UtilitySetConstants.ps1

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024060809.000\NetworkDiagnostics.0.debugreport.xml

memory/2924-881-0x000000006FEE0000-0x000000007048B000-memory.dmp