Malware Analysis Report

2024-11-13 13:54

Sample ID: 240310-lvk33ahh43
Target: cMAM_3.7.8.exe
SHA256: 0f7d6823ebff259935e259e5ae4fde5dce8f5adca69a4ec02b54d757b517d763
Tags: ducktail
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 0f7d6823ebff259935e259e5ae4fde5dce8f5adca69a4ec02b54d757b517d763

Threat Level: Known bad

The file cMAM_3.7.8.exe was found to be: Known bad.

Malicious Activity Summary

ducktail

Detect Ducktail Third Stage Payload

Ducktail family

Loads dropped DLL

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-03-10 09:52

Signatures

Detect Ducktail Third Stage Payload

Description Indicator Process Target
N/A N/A N/A N/A

Ducktail family

ducktail

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-10 09:51

Reported: 2024-03-10 09:58

Platform: win11-20240221-en

Max time kernel: 223s

Max time network: 256s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff17829758,0x7fff17829768,0x7fff17829778

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cMAM_3.7.8.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cMAM_3.7.8.exe N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff17829758,0x7fff17829768,0x7fff17829778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\cMAM_3.7.8.exe

"C:\Users\Admin\AppData\Local\Temp\cMAM_3.7.8.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3740 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:2

Network

Country Destination Domain Proto
GB 184.25.204.48:443 tcp
JP 40.79.197.34:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp
GB 184.25.204.48:443 tcp
GB 184.25.204.48:443 tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 70.32.23.118:443 www.algodeveloper.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp

Files

\??\pipe\crashpad_1428_SFVQWXYIZTMYRYJJ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Private.CoreLib.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\cMAM.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Prism.DryIoc.Wpf.dll

memory/1116-554-0x0000000000E90000-0x000000000170D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Prism.Wpf.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Prism.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Xaml.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\netstandard.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Services.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\PresentationCore.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Diagnostics.Debug.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Win32.Primitives.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Threading.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.CompilerServices.VisualC.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.InteropServices.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.Extensions.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\DirectWriteForwarder.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Private.Uri.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.IO.Packaging.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\ScheduledTasks.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Logging.Core.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Logging.NLog.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Data.Core.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Data.LiteDb.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\NetUtility.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.Binder.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\SharedModule.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.Json.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Threading.Thread.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Linq.Expressions.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.Abstractions.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\WindowsBase.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\PresentationFramework.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Collections.NonGeneric.dll

C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Win32.Registry.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

memory/1116-891-0x0000000000E90000-0x000000000170D000-memory.dmp