Malware Analysis Report

2024-11-30 02:16

Sample ID 240327-vsemyagg66
Target https://github.com/Xander3434/SKRIPTGG-FIVEM?tab=readme-ov-file
Tags
rhadamanthys persistence pyinstaller stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Xander3434/SKRIPTGG-FIVEM?tab=readme-ov-file was found to be: Known bad.

Malicious Activity Summary

rhadamanthys persistence pyinstaller stealer upx

Suspicious use of NtCreateUserProcessOtherParentProcess

Rhadamanthys

Loads dropped DLL

UPX packed file

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Detects Pyinstaller

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-27 17:14

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-27 17:14

Reported

2024-03-27 17:16

Platform

win11-20240221-en

Max time kernel

52s

Max time network

55s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 3468 created 2556 N/A C:\Users\Admin\AppData\Local\svchost.exe C:\Windows\system32\sihost.exe

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update64 = "C:\\Users\\Admin\\explorer.exe" C:\Users\Admin\explorer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560333151871935" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\SKRIPTGG-FIVEM-main.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\7zO8141FAF7\launcher.exe:Zone.Identifier C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2788 wrote to memory of 4056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 4056 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 1892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 1892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2788 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Xander3434/SKRIPTGG-FIVEM?tab=readme-ov-file

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71de9758,0x7ffe71de9768,0x7ffe71de9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_SKRIPTGG-FIVEM-main.zip\SKRIPTGG-FIVEM-main\Skript.rar"

C:\Users\Admin\AppData\Local\Temp\7zO8141FAF7\launcher.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8141FAF7\launcher.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGcAaQB6ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHgAZgBnACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHoAcgBnACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGQAYQBjACMAPgA="

C:\Users\Admin\AppData\Local\Temp\explorer.exe

"C:\Users\Admin\AppData\Local\Temp\explorer.exe"

C:\Users\Admin\AppData\Local\svchost.exe

"C:\Users\Admin\AppData\Local\svchost.exe"

C:\Users\Admin\AppData\Local\Temp\explorer.exe

"C:\Users\Admin\AppData\Local\Temp\explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\activate.bat

C:\Windows\system32\taskkill.exe

taskkill /f /im "explorer.exe"

C:\Users\Admin\explorer.exe

"explorer.exe"

C:\Users\Admin\explorer.exe

"explorer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=748 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=744 --field-trial-handle=1856,i,15691179753510776645,15795851274177222192,131072 /prefetch:8

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.6:443 api.github.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
DE 140.82.121.10:443 codeload.github.com tcp
N/A 224.0.0.251:5353 udp

Files

\??\pipe\crashpad_2788_DEPCNSNKQIVWQQUW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 abc87457e2bf86c1297021067e7281fc
SHA1 805388a2fa900ac28b937ace125a4d4f8afa53f5
SHA256 598aef6bbe39ea21f988cc192317059c15b01c24ed5b24ebf454d2203d9de646
SHA512 d55740f7437f3be13e265ae07c3665f552577f14b6f93549574634e0d622591ffcae10d9eab52ddb0a3a6b045886b8e6c865d34f972a0b8e6c088309655d87ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\Downloads\SKRIPTGG-FIVEM-main.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b28cd8c7e1baeb92f287f7196c914e23
SHA1 d927d1cdb6e794a910be1bc89d1ca3b0560a5bec
SHA256 72305b3328e72ec38dcd18b8889476aaf062b3bebe17f2a61b3edfffb0bc48cb
SHA512 b7b4a26703887ea56ba5cdbd8f2e362494eb14d6156e5e2cfeec3c0cfa54f465ecc2b99f71597a1c17e6819623d26323f58d2f004f90076ee0cd2c31c7e9d850

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8ddd319b049fe44ccb8f4fa8fdcfbad
SHA1 1f8e742313155c6fb083cf64a995086909806eb8
SHA256 2b4d5abbdeb883bb460c522698406f7b25b6d072a2f92782a1525c088d9a7454
SHA512 f7acc0167ad42764a43630727e3b82c52c6c2943ca5ff5395ded55dccc24cf5a8f94667efa8e067ee873b6b555944e769e406720275ebccffea558054680fd9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6184a0a3dec1c7d2d138d19db7db363
SHA1 21be18aaf810db19e74fe9ae4c9182f50feaafdc
SHA256 ac2d1370a61c0c54f9996fc98fadf7ebc87a5abbb0f1e8f1ea68d652f08bca10
SHA512 f28afffb7f9731b40e1df7461e130a70226ce86b3eb1c74d2e13b6295d0b1e8f620b88e299d1ba9db0de654783c425a7681977e2439fb3b2696a32587c77cdc9

C:\Users\Admin\Downloads\SKRIPTGG-FIVEM-main.zip

MD5 5e65bdca353aeabd62fa725b97e4bcf9
SHA1 045b32c4f5c08e0de0df3a9b519ef5cfa71f5194
SHA256 38c5b0767ba5a3b10ad9a158b3493ae24096c2993994b06783d8f7266e3b4bc2
SHA512 93544f6643222df73bdbb5c8bb08c07f9c595c9c83e8d96066fb73b86d165f1f742bd79e656d5fcc80b4258fd8d566cbb3a44c23fa4e4bb5f5d49a3459dba075

C:\Users\Admin\AppData\Local\Temp\7zO8141FAF7\launcher.exe

MD5 465669a572d077471d1b1a3a2ea11f78
SHA1 49ec69d4c986c778cbef3ffa9c72116eda8be10a
SHA256 c5999468752a61442001b68405c29f509e82a7167d354e427bcc870f7b368324
SHA512 56619cb7c58bd5996ce5a0a952adfffb520653c4de328b478adb04c61d767ace9bf1ce7b5936cc3131680ca59f3b7ae850be5d883856835bad99fe4ca1a3115a

C:\Users\Admin\AppData\Local\Temp\7zO8141FAF7\launcher.exe:Zone.Identifier

MD5 3c41410c4fd694c8ba99ecec4c6eff11
SHA1 2b676e157e187af40d7d127ef810283e290cf96c
SHA256 9a854108a2e693f3dd049bbe3c7bae7a4894eed071c285783cbe3962550395dc
SHA512 365a9840e3e514a5a5998590dd73b418d3609a88db56a25bb04fed632040cc3f73e6aa9f96b9e98a7d1508b1b6a9c72147b143f1d2cac2bcf1ce3371bec815f3

C:\Users\Admin\AppData\Local\Temp\7zO8141FAF7\launcher.exe

MD5 2bb02618abeccb4271f39f581afc6003
SHA1 fd51a6177b75a183f83faa07b85b26eafa56a354
SHA256 f2c2b91972e1dc86e82f64506ddc242474e372a1fdd7ecac56679bb413a3d95d
SHA512 46ec6395a84c5de201f0a80930686bea641e74188522b200a40b38eca5dce14dda4c21d6e65199dc95aea1714a237e4c9fbb7c72db2214280019a074111aaffa

C:\Users\Admin\AppData\Local\Temp\7zO8141FAF7\launcher.exe

MD5 cf14aa6e5982a60e6ef39db5964221b2
SHA1 e29a62c89f9084279a854f3208ce234b88e85ae0
SHA256 b0b9526fedf665f68c8a74f20ae2e5b2098f6176684f4fc41d75c4ae2663e75b
SHA512 9cc0f5fdb6dd02fe97b7bcac65d46bf30c32518c8612991108e9e9893158ace87437b05d4e520550be7c55f5a7de7e9b6c1fc8357422daeeefbd7efc39c14770

C:\Users\Admin\AppData\Local\Temp\explorer.exe

MD5 28d79a17cd998d636f3092537ef55055
SHA1 7cbabad3034268f723103981eee6bfdd19b87386
SHA256 36ecac8ab3ebccbe532cb112dbb71658c66a1dc491cb14e54419ad9082fac2e2
SHA512 07b4f297dd4333bb5014462c23c4020f3c68f66fc78b8316c53b63ca4add13dc737334c94cbe5d22970ec283e45fa2e501593634fbb0830f28fa2a4051af1689

C:\Users\Admin\AppData\Local\Temp\explorer.exe

MD5 79a10cb36cbec1e8cd50ffa90e5f8197
SHA1 dd830d2cc28e2940e80f25143032a0e4985fbd80
SHA256 372a4508297b9546c967b67cb2abd4005dc73aeb54258f6a075f49eded5cd7b7
SHA512 5c596d65baa2d5a610d4a2ce372a23795762928debfb90a579fa21d8398578e3d46a345b0a49969d8864375a437d0b46e467bbfb15e7fe9b01173435e75bf08c

C:\Users\Admin\AppData\Local\svchost.exe

MD5 8a6f1580a5b9b94d7cd47cc6b1af1b9a
SHA1 e68768afd59e18091d345cb300e859572e8d4c5c
SHA256 bb1464e75c750d90c0c49d148c9e64eefe0c29b2f670d708c8085ddd3104dbfe
SHA512 1663a9e0868b3f5d7e1edd30259024e419c2d190ec8c31e76e66aef0c8a0e02da0c829584214b9e2f76cbd349a53bf77d01d03e9b0e9c8a99eb18021b1d53309

memory/3468-224-0x0000000000DE0000-0x0000000000E4D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\explorer.exe

MD5 c507a34241e66fe6506b155f5d722d46
SHA1 f4f8488f95342f9355cae76951e7e9f77a5b1ac1
SHA256 ff9a68735435585525e7ac0885c717b202a6b9efd8902f04c3754e6a717bfafa
SHA512 7f5adf399e4dc3e4112a475ba2824e6dde82aa476b800e05bfc0ef7d2339863ceac9d579e1e1bcbf2d822427a8af15ef041ce1794b43b4fecb3764c6d27c9d6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b2f5c306c67fdbb6fa1f89107b31956c
SHA1 19b0a4b076842ec0992e9ac69ceb7b906cca9987
SHA256 d6652e8ff910dd6ed47306796d48b675f323b71fd317b1f7f23657510de075b4
SHA512 5e58e0f647056485ea419ee18363a0ea0d76aaaa6ef87b6aadf519c09aec80a17cda3487b082f2e2a4bc79de840d67ae8f978b57dedef2191561430554e212dd

memory/692-239-0x0000000072FA0000-0x0000000073751000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI10762\python310.dll

MD5 12be9e904b6e7695fab14cadd8312c42
SHA1 36a7aed1a00a6001a30909ad66c769dac2f410a0
SHA256 30b1a69e4849812296ace5d43620a59ed348be86f75bf23d5a5ee96b08b531cf
SHA512 c48914063e109da3735dbe1eacba4386f4e5ddaaddd654d8eb6354168f5f7bb01a975f6ca199bbda8517a204ea5aad53000331ff64164c0ea37084307247a4ba

C:\Users\Admin\AppData\Local\Temp\explorer.exe

MD5 4de4d85fe66551584dd024cdfedd99a3
SHA1 16e5d998d2481573aa8cd9b56dfaf778dd6f1391
SHA256 81b033e5ba8d54c91cbe9c74307d6e76711ea8f8142e8fad5d540507d64fdd6d
SHA512 138381294ee0e94502126973b5f2098fd53edf0b7dd16d31fabc2bdb225e7594d78ed9912e17a5adcf81b2c3b96a669bc62bb46c0be0cc62dfdaf7bbc7a7eba6

C:\Users\Admin\AppData\Local\Temp\_MEI10762\VCRUNTIME140.dll

MD5 f34eb034aa4a9735218686590cba2e8b
SHA1 2bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA256 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512 d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

memory/692-244-0x00000000028C0000-0x00000000028F6000-memory.dmp

memory/4872-246-0x00007FFE5C6C0000-0x00007FFE5CB26000-memory.dmp

memory/692-247-0x0000000004B10000-0x0000000004B20000-memory.dmp

memory/692-248-0x0000000005150000-0x000000000577A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI10762\_ctypes.pyd

MD5 48ce90022e97f72114a95630ba43b8fb
SHA1 f2eba0434ec204d8c6ca4f01af33ef34f09b52fd
SHA256 5998de3112a710248d29df76a05272775bf08a8dbc5a051a7ecb909fef069635
SHA512 7e6c2591805136f74c413b9633d5fdc4428e6f01e0e632b278bee98170b4f418ef2afd237c09e60b0e72076924ed0e3ffb0e2453e543b5e030b263f64568fab8

C:\Users\Admin\AppData\Local\Temp\_MEI10762\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

memory/4872-262-0x00007FFE5FF20000-0x00007FFE5FF44000-memory.dmp

memory/4872-263-0x00007FFE770F0000-0x00007FFE770FF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI10762\_lzma.pyd

MD5 7c66f33a67fbb4d99041f085ef3c6428
SHA1 e1384891df177b45b889459c503985b113e754a3
SHA256 32f911e178fa9e4db9bd797598f84f9896f99e5022f2b76a1589b81f686b0866
SHA512 d0caabd031fa0c63f4cfb79d8f3531ad85eda468d77a78dd3dde40ce9ac2d404fc0099c4f67579aa802fe5c6c6a464894fd88c19f1fc601f26189780b36f3f9d

memory/4872-271-0x00007FFE70D60000-0x00007FFE70D78000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI10762\_bz2.pyd

MD5 f6e387f20808828796e876682a328e98
SHA1 6679ae43b0634ac706218996bac961bef4138a02
SHA256 8886bd30421c6c6bfae17847002b9bf4ee4d9eee1a3be7369ee66b36e26c372b
SHA512 ad7cf281f2d830f9dbf66d8ef50e418b4a17a0144b6616c43d7e98b00e6f0cbafc6fe4aba4fabf2f008bb0df85553614b38ae303e5726621a804051d950e744e

memory/4872-272-0x00007FFE5FEF0000-0x00007FFE5FF1C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI10762\_socket.pyd

MD5 0dd957099cf15d172d0a343886fb7c66
SHA1 950f7f15c6accffac699c5db6ce475365821b92a
SHA256 8142d92dc7557e8c585ea9ee41146b77864b7529ed464fdf51dfb6d797828a4a
SHA512 3dc0380dfc871d8cab7e95d6119f16be2f31cdde784f8f90ffddd6a43323a2988c61e343eede5e5cb347fc2af594fe8d8944644396faf2e478a3487bcf9cf9ee

memory/692-273-0x0000000004EE0000-0x0000000004F02000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI10762\_hashlib.pyd

MD5 13f99120a244ab62af1684fbbc5d5a7e
SHA1 5147a90082eb3cd2c34b7f2deb8a4ef24d7ae724
SHA256 11658b52e7166da976abeeed78a940d69b2f11f518046877bea799759a17f58b
SHA512 46c2f9f43df6de72458ed24c2a0433a6092fd5b49b3234135f06c19a80f18f8bdbfb297e5a411cf29f8c60af342c80db123959f7317cfa045c73bd6f835eb22d

C:\Users\Admin\AppData\Local\Temp\_MEI10762\_decimal.pyd

MD5 2030438e4f397a7d4241a701a3ca2419
SHA1 28b8d06135cd1f784ccabda39432cc83ba22daf7
SHA256 07d7ac065f25af2c7498d5d93b1551cc43a4d4b5e8fb2f9293b647d0f7bd7c72
SHA512 767f2a9f9eef6ebeca95ab9652b7d0976f2ac87b9e9da1dbd3c4ccf58e8ecb0da8242f4df0b07612282c16ba85197ed0296d1052027cd48b96d61bdf678abaad

C:\Users\Admin\AppData\Local\Temp\_MEI10762\unicodedata.pyd

MD5 dfa1f0cd0ad295b31cb9dda2803bbd8c
SHA1 cc68460feae2ff4e9d85a72be58c8011cb318bc2
SHA256 46a90852f6651f20b7c89e71cc63f0154f00a0e7cd543f046020d5ec9ef6cb10
SHA512 7fbdfd56e12c8f030483f4d033f1b920968ea87687e9896f418e9cf1b9e345e2be2dc8f1ea1a8afb0040a376ffb7a5dc0db27d84fb8291b50e2ed3b10c10168e

C:\Users\Admin\AppData\Local\Temp\_MEI10762\select.pyd

MD5 5c66bcf3cc3c364ecac7cf40ad28d8f0
SHA1 faf0848c231bf120dc9f749f726c807874d9d612
SHA256 26dada1a4730a51a0e3aa62e7abc7e6517a4dc48f02616e0b6e5291014a809cc
SHA512 034cd4c70c4e0d95d6bb3f72751c07b8b91918aabe59abf9009c60aa22600247694d6b9e232fefff78868aad20f5f5548e8740659036096fab44b65f6c4f8db6

C:\Users\Admin\AppData\Local\Temp\_MEI10762\libcrypto-1_1.dll

MD5 e5aecaf59c67d6dd7c7979dfb49ed3b0
SHA1 b0a292065e1b3875f015277b90d183b875451450
SHA256 9d2257d0de8172bcc8f2dba431eb91bd5b8ac5a9cbe998f1dcac0fac818800b1
SHA512 145eaa969a1a14686ab99e84841b0998cf1f726709ccd177acfb751d0db9aa70006087a13bf3693bc0b57a0295a48c631d0b80c52472c97ebe88be5c528022b4

C:\Users\Admin\AppData\Local\Temp\_MEI10762\base_library.zip

MD5 483d9675ef53a13327e7dfc7d09f23fe
SHA1 2378f1db6292cd8dc4ad95763a42ad49aeb11337
SHA256 70c28ec0770edefcef46fa27aaa08ba8dc22a31acd6f84cb0b99257dca1b629e
SHA512 f905eb1817d7d4cc1f65e3a5a01bade761bca15c4a24af7097bc8f3f2b43b00e000d6ea23cd054c391d3fdc2f1114f2af43c8bb6d97c1a0ce747763260a864f5

memory/692-274-0x00000000057F0000-0x0000000005856000-memory.dmp

C:\Users\Admin\activate.bat

MD5 fbcbd43fa00e29f002495e4ab2dc4782
SHA1 75aad7a3fa21226bf37ff89da953743d2b650dc0
SHA256 7a58a034c76b65053744b7d2a443e487e1993aab50642a62f7f388d223e5f648
SHA512 4f26971331fbe1d40e65d493f9417ebcca5e331b61285da2575629b7cd57bdb35ec480cf3ef9a1df48c949360ba9038797575a6181d79b52e1092e4f98bebb3e

memory/692-276-0x0000000005860000-0x00000000058C6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yvsi12g1.pdb.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/692-285-0x00000000058D0000-0x0000000005C27000-memory.dmp

memory/692-287-0x0000000005DA0000-0x0000000005DBE000-memory.dmp

memory/4872-286-0x00007FFE5C6C0000-0x00007FFE5CB26000-memory.dmp

memory/692-289-0x00000000062E0000-0x000000000632C000-memory.dmp

C:\Users\Admin\explorer.exe

MD5 a606769bd3abf93c9dda7abe71b7efb3
SHA1 96b1792b80e1d367b762dabbb4f919997ab811c8
SHA256 d54fa13b463d70e90769a9ef3af2d4b4cb3aac75d91fc51334d89c55d562c3f0
SHA512 6cedf6054f9fed4ee011d2015a06fa50685f1b48ae70222d357868e6d7ec4909f571e7bde6d79f17f06aa0625633131bcd2eeed49533978c413ee9cd1029ae00

C:\Users\Admin\explorer.exe

MD5 43f2654a11a6c401cc6f269c8927e360
SHA1 5cf8827830e6a6a627343aca41d891688b85552f
SHA256 10e5693d73b2d5ec2aedb9dcd5a3e9e90c418a4f7301873830329c6994e9016c
SHA512 f4aa1c404dd3c1f773955ddc77f3934803d463da5fd128ea125e51e31a6fbf2cb7daaa2a934108fd3016af1f45bccd181ab00ada5d58428f16e8a0ea3473e575

C:\Users\Admin\AppData\Local\Temp\_MEI49282\python310.dll

MD5 3f782cf7874b03c1d20ed90d370f4329
SHA1 08a2b4a21092321de1dcad1bb2afb660b0fa7749
SHA256 2a382aff16533054e6de7d13b837a24d97ea2957805730cc7b08b75e369f58d6
SHA512 950c039eb23ed64ca8b2f0a9284ebdb6f0efe71dde5bbf0187357a66c3ab0823418edca34811650270eea967f0e541eece90132f9959d5ba5984405630a99857

C:\Users\Admin\explorer.exe

MD5 b90af67ccf0424689dc404df631672ea
SHA1 7e406e8af1a496a41c0d3630e35ca50ed4ba017e
SHA256 b655ee09fc533c10cdf7a8ac06b914614a6a1bc6896ba01b312162ba64aec05b
SHA512 dcc64df0c38ca857b7510718f9176861feb8de55abed09a534660dfbc92a897119c7a555a3571a71f6e59e21175507e14c0d5f884ebbd93cc4b68a9e6c7a743d

memory/4472-314-0x00007FFE66A60000-0x00007FFE66EC6000-memory.dmp

memory/4472-335-0x00007FFE75440000-0x00007FFE75459000-memory.dmp

memory/4472-337-0x00007FFE770F0000-0x00007FFE770FD000-memory.dmp

memory/4472-336-0x00007FFE771B0000-0x00007FFE771DC000-memory.dmp

memory/4472-333-0x00007FFE771E0000-0x00007FFE771F8000-memory.dmp

memory/4472-330-0x00007FFE77200000-0x00007FFE77224000-memory.dmp

memory/4472-328-0x00007FFE7B010000-0x00007FFE7B01F000-memory.dmp

memory/3468-339-0x0000000004200000-0x0000000004600000-memory.dmp

memory/3468-340-0x0000000004200000-0x0000000004600000-memory.dmp

memory/3468-341-0x0000000004200000-0x0000000004600000-memory.dmp

memory/3468-342-0x00007FFE80620000-0x00007FFE80829000-memory.dmp

memory/3468-343-0x0000000000DE0000-0x0000000000E4D000-memory.dmp

memory/3468-344-0x0000000004200000-0x0000000004600000-memory.dmp

memory/3468-350-0x0000000075620000-0x0000000075872000-memory.dmp

memory/3656-351-0x0000000000E90000-0x0000000000E99000-memory.dmp

memory/3656-353-0x0000000002D00000-0x0000000003100000-memory.dmp

memory/692-354-0x0000000072FA0000-0x0000000073751000-memory.dmp

memory/3656-355-0x0000000002D00000-0x0000000003100000-memory.dmp

memory/3656-357-0x00007FFE80620000-0x00007FFE80829000-memory.dmp

memory/3656-359-0x0000000002D00000-0x0000000003100000-memory.dmp

memory/3656-360-0x0000000075620000-0x0000000075872000-memory.dmp

memory/692-361-0x0000000004B10000-0x0000000004B20000-memory.dmp

memory/692-362-0x0000000006D90000-0x0000000006DC4000-memory.dmp

memory/692-372-0x0000000006370000-0x000000000638E000-memory.dmp

memory/692-373-0x0000000006DD0000-0x0000000006E74000-memory.dmp

memory/692-363-0x00000000744B0000-0x00000000744FC000-memory.dmp

memory/692-375-0x00000000070E0000-0x00000000070FA000-memory.dmp

memory/692-374-0x0000000007720000-0x0000000007D9A000-memory.dmp

memory/692-376-0x0000000007160000-0x000000000716A000-memory.dmp

memory/692-377-0x0000000007380000-0x0000000007416000-memory.dmp

memory/692-379-0x00000000072F0000-0x0000000007301000-memory.dmp

memory/692-378-0x000000007EFB0000-0x000000007EFC0000-memory.dmp

memory/3656-380-0x0000000002D00000-0x0000000003100000-memory.dmp

memory/3656-381-0x00007FFE80620000-0x00007FFE80829000-memory.dmp

memory/692-382-0x0000000007330000-0x000000000733E000-memory.dmp

memory/692-383-0x0000000007340000-0x0000000007355000-memory.dmp

memory/692-384-0x0000000007440000-0x000000000745A000-memory.dmp

memory/692-385-0x0000000007460000-0x0000000007468000-memory.dmp

memory/692-388-0x0000000072FA0000-0x0000000073751000-memory.dmp

memory/4472-389-0x00007FFE66A60000-0x00007FFE66EC6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\54a9cb04-5113-456e-9a1d-b55effe3d08e.tmp

MD5 9f1a6445367cc4d103ea23ba6a25d29e
SHA1 acb7b4221643e8ab3adc4be490cfb17985ac6e0b
SHA256 d789cbe774d21c88d503b142c845a1428f9869e0aa051f76f52feab4d02f0e9a
SHA512 7229ea66a082b776a7adde6748131bef0854f8b0c61cddbb1655bee3cb2a3e83fba2b4c002609a3c34c80cb8a21d3f00c1b025fca97096e5568ddb4c145e0f13

memory/4472-399-0x00007FFE66A60000-0x00007FFE66EC6000-memory.dmp

memory/4472-400-0x00007FFE77200000-0x00007FFE77224000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7522e7a039345eb7b386b855a08ef962
SHA1 3f545710518e677018462d60951c0355dcc10550
SHA256 ccc46d5ddb5da4e7f92bd4507bdc36ec0845273c50a4d96d161970301c929442
SHA512 259ba46342963c4f76309213264d5d85549a03c9029749c73c1a55dfc38aef22115dce1c5e4c8d90b7cdac53abbfb5bf881fd57d7f77ebb67f594f826eb9ef75

memory/4472-415-0x00007FFE66A60000-0x00007FFE66EC6000-memory.dmp

memory/3468-422-0x00007FFE80620000-0x00007FFE80829000-memory.dmp