Malware Analysis Report

2025-08-06 00:52

Sample ID 230429-nh736scg3w
Target TwitchFollowBotbyKuroCracks.zip
SHA256 08199dd6a39908c277dfbcdd1db5144e1516bda9108fa22c8567e3ec0dc73574
Tags
spyware stealer lumma
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

08199dd6a39908c277dfbcdd1db5144e1516bda9108fa22c8567e3ec0dc73574

Threat Level: Known bad

The file TwitchFollowBotbyKuroCracks.zip was found to be: Known bad.

Malicious Activity Summary

spyware stealer lumma

Lumma family

Checks computer location settings

Reads user/profile data of web browsers

Unsigned PE

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-29 11:27

Signatures

Lumma family

lumma

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral8

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

30s

Max time network

64s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133272487038169233" C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe
PID 4388 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe"

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --first-renderer-process --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\gen" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\gen" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\gen" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\chrome\worker.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1760,i,4194438028072027383,4315811812734108338,131072 /prefetch:8

Network

Country Destination Domain Proto
US 209.197.3.8:80 tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 20.189.173.12:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
NL 142.250.179.202:443 optimizationguide-pa.googleapis.com tcp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.77.109.52.in-addr.arpa udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 tcp

Files

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\bad02175-9733-47e0-b4e5-44aacb4fa1f4.tmp

MD5 e58af2fb17f6fa95b22d07641ed76833
SHA1 8c6871e8da0e6f4c8757891fa81df66b85d2aabc
SHA256 f6c9b55ea91997d180647b1c0651e906bb06bf8cca559d5bc661f9eecf8e1e05
SHA512 e873b9f73d419c149a39728a65adb87417a5f798145b20d9b91552b5ee7a7db3ee8c7709eef9c4715c25e9a02804c765118a26198663b3fa18cb2d8f4b9e8e6d

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Cache\Cache_Data\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Cache\Cache_Data\data_1

MD5 f09ac30a2471f5e3e5f3d26162134295
SHA1 f3ba74c0f73fde7b994fac9679bbd117475e140e
SHA256 4a156b4e3fdc3b35693b04deb539cb8e7a17c6ef52152392cf24886005dccb65
SHA512 bfb8f63adcebb55ebbcc1704729fade56a3447330fcce7c77c30f86f7bf68b6adefd91db363026047ddce7ac22418a8224d9a6da9da8b457f48c0176193d83b7

C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

MD5 14f33dbf645837ba4e73352a78ee7d48
SHA1 28fd6a406171eb2cb43b1708077a96f70c967f57
SHA256 ff75da97821aa2bcc9bbc30f0c99eb19ae736bff94399cb0a9e417cb8d56dfd5
SHA512 4b7ed1073a62d333a2e0c468338653ccba8b17b9232a71bd43ff70ed934b72481248b8c494f9054b57e2b58589c51df8045d33d867083e086d14d7d5f9ddb17f

C:\Users\Admin\AppData\Local\Chromium\User Data\Local State~RFe57276e.TMP

MD5 08ee33411d7e2ccb5b4b215c2a0c6eb8
SHA1 720082bd48766e1ea4d3a860f18e47be91b1383c
SHA256 f3f136b27ef6d038cfd3d75e14b54d56df2d52078db0b9a79ae0447c2d4ae43e
SHA512 28f36d304773a6f8b09aa8981d50450ae2ec012e999dc25ed91c2f56e2c3caf0b188d09834acf22c4649e5f040819aa97edaee9d8f391cad88abd7c249049af6

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

27s

Max time network

63s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\Twitch Follow Bot by KuroCracks.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\Twitch Follow Bot by KuroCracks.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\Twitch Follow Bot by KuroCracks.exe"

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe

appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 20.189.173.11:443 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 93.184.221.240:80 tcp

Files

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\data\debug.txt

MD5 75794dfc8cf9507d7ee444f58ff1f5b3
SHA1 5b2eba250ba37673c0cdd579074f2e49189d2cee
SHA256 f63365fc8523067d35897fdd77d863d7bd54276b115a87f5fc586fea51b23e5d
SHA512 4ff16cc83f091252dbf5e9cda83f45b0f6c49da16194fa32eed582f60ceeb578989440c4ecafc3f25b29af4b06fd97ae4d2935ebe478e591b2c067e95fbc63e4

memory/3824-142-0x000000005C370000-0x000000005C8B2000-memory.dmp

memory/3824-143-0x00007FFEBA060000-0x00007FFEBA61F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\debug.txt

MD5 d3d4f2a1b00070aa3e06e161d481b70b
SHA1 0a2a8dcb8c2c34ad92e8b0830723c8b415771a7f
SHA256 f3b9edfca030cad80d47b72f5d4ed604aff409bd7e42cb72641da12be01a634e
SHA512 5dcb4ec0303c9f5e55fd6205f19428c02dac2baaadb6e3d82a5cedf8b26d53c6f51dca843fe1113f780f411fbc4cf8c7528b621aee7aa9da0828ebf49d61be17

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\modules\meta.json

MD5 c90acdedc14583f46b768d66add9af90
SHA1 7b1be3da438af1580aab89a2cbad6f35bc05c0c3
SHA256 7b200efc3a653b859c23a661e7bcb66d641f0fc4b7230c11d7b6834f986db457
SHA512 ca0fb91c3b2db75732d2371a042b7d00e8e16ef88cda0ce43790364ee18b00935f248c37f6bf760d34f1cd901a377da098f6f38b1a408158a5d2f19287686a3c

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

13s

Max time network

67s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe"

Network

Country Destination Domain Proto
US 117.18.237.29:80 tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 20.189.173.1:443 tcp
NL 8.238.177.126:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp

Files

memory/3580-133-0x000000005C9F0000-0x000000005CF32000-memory.dmp

memory/3580-134-0x00007FFB454D0000-0x00007FFB45A8F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\debug.txt

MD5 d35883baea1ba66b2757acca0ca6665d
SHA1 53d643ad904177f1519f3a5c034f546095797681
SHA256 ef33f11d29ad3b175abd9006856ac448aec5eecbd52c295c637b08b21e025be9
SHA512 e69f47307922d2a056902bddb788fe8800c3a1749896139610ca923b55333f6cf2c76b54cce71e752edf47dc8f262d604507319a57582bab505c298160dbb0d9

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\modules\meta.json

MD5 c90acdedc14583f46b768d66add9af90
SHA1 7b1be3da438af1580aab89a2cbad6f35bc05c0c3
SHA256 7b200efc3a653b859c23a661e7bcb66d641f0fc4b7230c11d7b6834f986db457
SHA512 ca0fb91c3b2db75732d2371a042b7d00e8e16ef88cda0ce43790364ee18b00935f248c37f6bf760d34f1cd901a377da098f6f38b1a408158a5d2f19287686a3c

Analysis: behavioral4

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

23s

Max time network

68s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Scheduler.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Scheduler.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Scheduler.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 42.220.44.20.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
IE 13.69.239.72:443 tcp
US 52.152.110.14:443 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
NL 173.223.113.164:443 tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

30s

Max time network

66s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{392C6A65-FEC0-4E14-B80C-FD8F9CF63E40} C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1900 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe
PID 1900 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe"

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe" --type=gpu-process --field-trial-handle=1672,4717043912470883285,7761126020060679892,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --log-severity=disable --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --service-request-channel-token=9355575520705611108 --mojo-platform-channel-handle=1396 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe" --type=utility --field-trial-handle=1672,4717043912470883285,7761126020060679892,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --log-severity=disable --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --service-request-channel-token=5978853817981433830 --mojo-platform-channel-handle=1952 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --field-trial-handle=1672,4717043912470883285,7761126020060679892,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --log-severity=disable --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10012864076507471052 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\UserInterface.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --field-trial-handle=1672,4717043912470883285,7761126020060679892,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --log-severity=disable --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15803335564430514738 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
NL 8.238.179.126:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 tcp
N/A 224.0.0.251:5353 udp
NL 172.217.168.196:80 www.google.com tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\profile\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\profile\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\profile\Code Cache\js\index-dir\temp-index

MD5 b7a007f8c19f72433d7aa8733902ccd8
SHA1 9af19e1a7254001e742e959f00d6828c077a6e71
SHA256 e14a804b9d3aac7fbd67cc6eabdf19a1c5c6920a926441af8b7770aecee910ef
SHA512 b7731e5d8565d1ccce5b873e871a007e08643c96a09d97b862f67746ac5bdf3bba350ab8c3cd40168226a602bf69e6e1a659b3a08a0cedfed528aea4f701b6e4

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\profile\Code Cache\js\index-dir\the-real-index~RFe57a77b.TMP

MD5 531b1d6d41c7d873d93c8b8de6e5efb8
SHA1 d643d3b50a357c6e059d9d2b1bb1169a33968818
SHA256 678f5fa5cb96e94ab3e7713c2802ef95ff0b05c3cfa2894851ad430f4b1f8749
SHA512 71d302a3702bc68cea876ed29acb286ea66a69076fbc69bc2e2c5224841be80643f3111fb8512fb0e805caa5e0e85896e71a7fa3118eda6af7b64151d6f36164

Analysis: behavioral7

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

31s

Max time network

64s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\Worker.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\Worker.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\Worker.exe"

Network

Country Destination Domain Proto
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 209.197.3.8:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 131.253.33.203:80 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

30s

Max time network

79s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\RemoteExecuteScript.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\RemoteExecuteScript.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\RemoteExecuteScript.exe"

Network

Country Destination Domain Proto
US 93.184.221.240:80 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 13.89.179.10:443 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 93.184.221.240:80 tcp
IE 20.54.89.15:443 tcp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp

Files

memory/4124-133-0x000000006AFC0000-0x000000006B502000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2023-04-29 11:24

Reported

2023-04-29 11:32

Platform

win10v2004-20230220-en

Max time kernel

25s

Max time network

89s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{1319EE7E-D422-4877-82F7-BBFDF31F9E8D} C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 644 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4780 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4436 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 4088 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe
PID 644 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe"

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe" --type=gpu-process --field-trial-handle=1676,8705712873571028478,2823406586980593402,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --service-request-channel-token=9760681122036830057 --mojo-platform-channel-handle=1684 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe" --type=utility --field-trial-handle=1676,8705712873571028478,2823406586980593402,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --service-request-channel-token=8578118936656016572 --mojo-platform-channel-handle=1952 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --field-trial-handle=1676,8705712873571028478,2823406586980593402,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8573096986799555222 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --field-trial-handle=1676,8705712873571028478,2823406586980593402,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3512686315433190793 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe

"C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\SchedulerGui.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --field-trial-handle=1676,8705712873571028478,2823406586980593402,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4000624381867313032 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 20.189.173.3:443 tcp
US 93.184.220.29:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\Worker\debug.log

MD5 342b4591cd0bde3246c8977e224c05c4
SHA1 b69e9ecc7fa7e12effb4e3c631ac0e8a7aeb0712
SHA256 09b999b55f42512196506755a2dddebd628b8be15a2259a037c292af5a186705
SHA512 270ccb675aa07bcdc82e99453e9ba5fc6bc22852e977d88e35d85ff0453d205fc5745a861ec12da0bfaee489bf467061cd694836861b0a7fa8a07c8d0be3df73