Analysis Overview
SHA256
0f7d6823ebff259935e259e5ae4fde5dce8f5adca69a4ec02b54d757b517d763
Threat Level: Known bad
The file cMAM_3.7.8.exe was found to be: Known bad.
Malicious Activity Summary
Detect Ducktail Third Stage Payload
Ducktail family
Loads dropped DLL
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported
2024-03-10 09:52
Signatures
Detect Ducktail Third Stage Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Ducktail family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-10 09:51
Reported
2024-03-10 09:58
Platform
win11-20240221-en
Max time kernel
223s
Max time network
256s
Signatures
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cMAM_3.7.8.exe | N/A |
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff17829758,0x7fff17829768,0x7fff17829778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\cMAM_3.7.8.exe
"C:\Users\Admin\AppData\Local\Temp\cMAM_3.7.8.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3740 --field-trial-handle=1816,i,11027206362908639002,2554572069256685963,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| GB | 184.25.204.48:443 | N/A | tcp |
| JP | 40.79.197.34:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 34.197.79.40.in-addr.arpa | udp |
| GB | 184.25.204.48:443 | N/A | tcp |
| GB | 184.25.204.48:443 | N/A | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 70.32.23.118:443 | www.algodeveloper.com | tcp |
| US | 192.178.49.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1428_SFVQWXYIZTMYRYJJ
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Private.CoreLib.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\cMAM.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Prism.DryIoc.Wpf.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Prism.Wpf.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Prism.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Xaml.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\netstandard.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Services.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\PresentationCore.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Diagnostics.Debug.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Win32.Primitives.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Threading.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.CompilerServices.VisualC.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.InteropServices.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.Extensions.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\DirectWriteForwarder.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Private.Uri.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.IO.Packaging.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\ScheduledTasks.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Logging.Core.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Logging.NLog.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Data.Core.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Data.LiteDb.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\NetUtility.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.Binder.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\SharedModule.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.Json.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Threading.Thread.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Linq.Expressions.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Extensions.Configuration.Abstractions.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Runtime.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\WindowsBase.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\PresentationFramework.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\System.Collections.NonGeneric.dll
C:\Users\Admin\AppData\Local\Temp\.net\cMAM_3.7.8\z9+qBM3QyqcshiMJNHgQ4J1A9qJhHhM=\Microsoft.Win32.Registry.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State