Malware Analysis Report

2024-09-22 06:30

Sample ID: 230410-lq333sac8s
Target: https://cdn.discordapp.com/attachments/1094613042223906866/1094918598583140362/game_botter.rar
Tags: bazarbackdoor, backdoor, pyinstaller
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://cdn.discordapp.com/attachments/1094613042223906866/1094918598583140362/game_botter.rar was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor pyinstaller

BazarBackdoor

Bazar/Team9 Backdoor payload

Loads dropped DLL

Executes dropped EXE

Drops file in Program Files directory

Detects Pyinstaller

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-04-10 09:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-10 09:45

Reported

2023-04-10 09:47

Platform

win10v2004-20230220-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cdn.discordapp.com/attachments/1094613042223906866/1094918598583140362/game_botter.rar

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\game_botter\game_botter.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Detects Pyinstaller

pyinstaller

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256007269205815" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Users\Admin\Downloads\game_botter\game_botter.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2700 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2700 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2700 wrote to memory of 4396 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2700 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cdn.discordapp.com/attachments/1094613042223906866/1094918598583140362/game_botter.rar

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc83739758,0x7ffc83739768,0x7ffc83739778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\game_botter\" -spe -an -ai#7zMap6417:84:7zEvent251

C:\Users\Admin\Downloads\game_botter\game_botter.exe

"C:\Users\Admin\Downloads\game_botter\game_botter.exe"

C:\Users\Admin\Downloads\game_botter\game_botter.exe

"C:\Users\Admin\Downloads\game_botter\game_botter.exe"

C:\Users\Admin\Downloads\game_botter\game_botter.exe

"C:\Users\Admin\Downloads\game_botter\game_botter.exe"

C:\Users\Admin\Downloads\game_botter\game_botter.exe

"C:\Users\Admin\Downloads\game_botter\game_botter.exe"

C:\Users\Admin\Downloads\game_botter\game_botter.exe

"C:\Users\Admin\Downloads\game_botter\game_botter.exe"

C:\Users\Admin\Downloads\game_botter\game_botter.exe

"C:\Users\Admin\Downloads\game_botter\game_botter.exe"

C:\Users\Admin\Downloads\game_botter\chromedriver.exe

chromedriver --port=49964

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-blink-features=ShadowDOMV0 --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974" data:,

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffc83739758,0x7ffc83739768,0x7ffc83739778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974" --enable-logging --log-level=0 --mojo-platform-channel-handle=2128 --field-trial-handle=1936,i,13938663155241804616,373152978163640352,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --enable-logging --log-level=0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974" --enable-logging --log-level=0 --mojo-platform-channel-handle=2300 --field-trial-handle=1936,i,13938663155241804616,373152978163640352,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974" --display-capture-permissions-policy-allowed --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1936,i,13938663155241804616,373152978163640352,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974" --display-capture-permissions-policy-allowed --first-renderer-process --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1936,i,13938663155241804616,373152978163640352,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-logging --log-level=0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir1396_1989661974" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --enable-logging --log-level=0 --mojo-platform-channel-handle=1800 --field-trial-handle=1936,i,13938663155241804616,373152978163640352,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Users\Admin\Downloads\game_botter\game_botter.exe

"C:\Users\Admin\Downloads\game_botter\game_botter.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2832 --field-trial-handle=1820,i,3171175963846110096,9018083893600926083,131072 /prefetch:2

Network

Files
