Analysis Overview
Threat Level: Known bad
The file http://telegra.ph/MOD-MENU-04-22 was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
RedLine payload
RedLine
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Modifies registry class
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-25 16:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-25 16:58
Reported
2024-04-25 17:03
Platform
win10v2004-20240412-en
Max time kernel
324s
Max time network
325s
Command Line
Signatures
Lumma Stealer
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\rebild mod.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\rebild mod.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3456 set thread context of 3736 | N/A | C:\Users\Admin\Desktop\New folder\Loader.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe |
| PID 1120 set thread context of 4928 | N/A | C:\Users\Admin\Desktop\New folder\rebild mod.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
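The two SetThreadContext rows above have the shape of process hollowing: a binary run from the user's Desktop writes a new thread context into a freshly started Microsoft .NET framework image, and the Processes section further down shows both aspnet_regiis.exe and MSBuild.exe launched with an empty argument list, which neither does anything useful with. The Python below is added here as an example and is not the sandbox's own detection logic; it turns that pattern into a rule over rows in this table's format. The directory prefixes, the "no arguments" heuristic and the third row (a constructed benign case the rule must not flag) are assumptions of the example.

```python
"""Flag process-hollowing candidates from a sandbox report's SetThreadContext rows."""
import re
from dataclasses import dataclass, field

# (description, source process, target process) as printed in the report's
# "Suspicious use of SetThreadContext" table.  The third row is constructed
# (not on the page): a system image adjusting a child it legitimately spawned.
SET_THREAD_CONTEXT_ROWS = [
    ("PID 3456 set thread context of 3736",
     r"C:\Users\Admin\Desktop\New folder\Loader.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"),
    ("PID 1120 set thread context of 4928",
     r"C:\Users\Admin\Desktop\New folder\rebild mod.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"),
    ("PID 2000 set thread context of 2001",          # constructed
     r"C:\Windows\System32\svchost.exe",
     r"C:\Windows\System32\WerFault.exe"),
]

# Argument string each target was launched with, from the Processes section
# (both .NET images ran with nothing after the image path).  WerFault: constructed.
TARGET_ARGS = {
    r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe": "",
    r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe": "",
    r"C:\Windows\System32\WerFault.exe": "-u -p 2001 -s 40",   # constructed
}

# Prefix lists used by the rule (assumptions; lower-case, trailing backslash).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
HOLLOWING_HOSTS = ("c:\\windows\\microsoft.net\\", "c:\\windows\\system32\\",
                   "c:\\windows\\syswow64\\")

ROW_RE = re.compile(r"PID (\d+) set thread context of (\d+)")

SRC_USER = "source in user-writable directory"
TGT_SYS = "target is an OS or .NET framework binary"
TGT_NOARGS = "target launched with no arguments"


@dataclass
class Finding:
    source_pid: int
    target_pid: int
    source: str
    target: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Both halves of the hollowing pattern must be present.
        return SRC_USER in self.reasons and TGT_SYS in self.reasons


def parse_row(description):
    """'PID 3456 set thread context of 3736' -> (3456, 3736)."""
    m = ROW_RE.fullmatch(description.strip())
    if not m:
        raise ValueError(f"unrecognised SetThreadContext row: {description!r}")
    return int(m.group(1)), int(m.group(2))


def score(source, target, target_args):
    """Return the list of reasons the pair looks like hollowing.

    target_args is the argument string, or None when the launch is unknown.
    """
    reasons = []
    s, t = source.lower(), target.lower()
    if s.startswith(USER_WRITABLE):
        reasons.append(SRC_USER)
    if t.startswith(HOLLOWING_HOSTS):
        reasons.append(TGT_SYS)
        if target_args is not None and target_args.strip() == "":
            # A host started with no work to do is typical of one created
            # only so its image can be replaced.
            reasons.append(TGT_NOARGS)
    return reasons


def analyze(rows, target_args):
    findings = []
    for description, source, target in rows:
        spid, tpid = parse_row(description)
        findings.append(Finding(spid, tpid, source, target,
                                score(source, target, target_args.get(target))))
    return findings


if __name__ == "__main__":
    for f in analyze(SET_THREAD_CONTEXT_ROWS, TARGET_ARGS):
        flag = "HOLLOWING?" if f.suspicious else "ok"
        print(f"{flag:10} {f.source_pid}->{f.target_pid} {f.target}: {'; '.join(f.reasons)}")
```

The same rule applies unchanged to a Sysmon or EDR feed if the source and target image paths and the target's command line are taken from the process-create events instead of the report rows.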
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585379032512657" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://telegra.ph/MOD-MENU-04-22
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b0d7ab58,0x7ff8b0d7ab68,0x7ff8b0d7ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3972 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2388 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3464 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4708 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5468 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5036 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Loader.rar"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\MedalLauncherLog20230923.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\GameVersion.txt
C:\Users\Admin\Desktop\New folder\Loader.exe
"C:\Users\Admin\Desktop\New folder\Loader.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
C:\Users\Admin\Desktop\New folder\rebild mod.exe
"C:\Users\Admin\Desktop\New folder\rebild mod.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | telegra.ph | udp |
| NL | 149.154.164.13:80 | telegra.ph | tcp |
| NL | 149.154.164.13:80 | telegra.ph | tcp |
| NL | 149.154.164.13:443 | telegra.ph | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edit.telegra.ph | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.32.209.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.250.30.184.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| NO | 54.230.241.75:443 | cdn.amplitude.com | tcp |
| GB | 142.250.200.14:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.241.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| GB | 142.250.187.234:443 | translate.googleapis.com | tcp |
| US | 35.160.255.210:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 104.21.87.79:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 184.30.45.27:443 | ads.pubmatic.com | tcp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| NO | 54.230.111.4:443 | tags.crwdcntrl.net | tcp |
| IE | 54.78.246.130:443 | bcp.crwdcntrl.net | tcp |
| IE | 54.220.145.120:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.213.3:443 | www.google.co.uk | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| GB | 216.58.213.3:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.89.181.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.255.160.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.45.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.246.78.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.145.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.111.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | ut.pubmatic.com | udp |
| NL | 185.64.189.226:443 | ut.pubmatic.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.189.64.185.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | tcp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 104.16.53.110:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download1648.mediafire.com | udp |
| US | 199.91.152.148:443 | download1648.mediafire.com | tcp |
| US | 199.91.152.148:443 | download1648.mediafire.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | 148.152.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| NO | 54.230.111.70:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | 70.111.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 52.29.73.130:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 4.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 216.58.201.110:443 | www.googleoptimize.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | 130.73.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| NO | 143.204.55.84:443 | static.hotjar.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| GB | 23.73.138.211:443 | snap.licdn.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.55.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.138.73.23.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | productivelookewr.shop | udp |
| US | 172.67.150.207:443 | productivelookewr.shop | tcp |
| US | 8.8.8.8:53 | tolerateilusidjukl.shop | udp |
| US | 104.21.89.202:443 | tolerateilusidjukl.shop | tcp |
| US | 8.8.8.8:53 | shatterbreathepsw.shop | udp |
| US | 8.8.8.8:53 | 207.150.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.89.21.104.in-addr.arpa | udp |
| US | 104.21.95.19:443 | shatterbreathepsw.shop | tcp |
| US | 8.8.8.8:53 | shortsvelventysjo.shop | udp |
| US | 104.21.16.225:443 | shortsvelventysjo.shop | tcp |
| US | 8.8.8.8:53 | 19.95.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | incredibleextedwj.shop | udp |
| US | 104.21.86.106:443 | incredibleextedwj.shop | tcp |
| US | 8.8.8.8:53 | alcojoldwograpciw.shop | udp |
| US | 104.21.48.243:443 | alcojoldwograpciw.shop | tcp |
| US | 8.8.8.8:53 | 225.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | liabilitynighstjsko.shop | udp |
| US | 104.21.44.3:443 | liabilitynighstjsko.shop | tcp |
| US | 8.8.8.8:53 | demonstationfukewko.shop | udp |
| US | 104.21.33.174:443 | demonstationfukewko.shop | tcp |
| US | 8.8.8.8:53 | 106.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.33.21.104.in-addr.arpa | udp |
| NL | 45.15.156.142:33597 | N/A | tcp |
| US | 8.8.8.8:53 | 142.156.15.45.in-addr.arpa | udp |
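Most of the Network table is browser traffic from rendering the telegra.ph page and the MediaFire download site (ads, analytics, consent scripts) plus the sandbox's reverse lookups. The parts an analyst wants out of it are the delivery chain (telegra.ph, t.me, the mediafire.com hosts, after which Loader.rar appears in Downloads) and the late-session rows: a run of long, random-looking .shop and .pw names, one of which (sideindexfollowragelrew.pw) is only ever queried, and a raw TCP connection to 45.15.156.142:33597 with no name. The Python below is added as an example and is not the sandbox's own output; it parses fourteen rows copied from this table and sorts them into delivery hosts, candidate C2 and noise. The delivery list, the TLD set, the label-length threshold and the web-port set are assumptions of the example, and the report itself does not attribute any of these endpoints to a particular family.

```python
"""Triage a sandbox Network table into delivery hosts, candidate C2 and noise."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Fourteen rows copied from the report's Network table; "N/A" in the Domain
# column marks a connection the report lists with no name.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | telegra.ph | udp |
| NL | 149.154.164.13:443 | telegra.ph | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 199.91.152.148:443 | download1648.mediafire.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.150.207:443 | productivelookewr.shop | tcp |
| US | 104.21.89.202:443 | tolerateilusidjukl.shop | tcp |
| US | 104.21.95.19:443 | shatterbreathepsw.shop | tcp |
| NL | 45.15.156.142:33597 | N/A | tcp |
"""

# Assumptions of this example, not facts stated by the report.
KNOWN_DELIVERY = ("telegra.ph", "t.me", "mediafire.com")  # hosts on the download path
SUSPECT_TLDS = {"shop", "pw"}        # TLDs that get extra scrutiny here
MIN_LABEL_LEN = 12                   # random-looking second-level labels are long
WEB_PORTS = {80, 443}                # anything else on a bare IP is worth a look


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: str   # "" when the report gives no name
    proto: str


def parse_rows(text):
    """Parse '| country | ip:port | domain | proto |' rows.

    Also accepts the variant some exports produce when the Domain cell is
    absent and the protocol shifts one column left ('| NL | ip:port | tcp | |').
    """
    conns = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain
        if domain == "N/A":
            domain = ""
        ip, port = dest.rsplit(":", 1)
        conns.append(Conn(country, ip, int(port), domain, proto))
    return conns


def classify_domain(domain):
    if any(domain == d or domain.endswith("." + d) for d in KNOWN_DELIVERY):
        return "delivery"
    labels = domain.split(".")
    if len(labels) >= 2 and labels[-1] in SUSPECT_TLDS and len(labels[-2]) >= MIN_LABEL_LEN:
        return "candidate_c2"
    return "noise"


def triage(conns):
    queried, connected, endpoints = set(), set(), set()
    buckets, resolved = defaultdict(set), defaultdict(set)
    for c in conns:
        if c.domain.endswith(".in-addr.arpa"):
            continue                                   # reverse lookups: no IOC value
        if c.port == 53 and c.domain:
            queried.add(c.domain)                      # resolver query: name only
            buckets[classify_domain(c.domain)].add(c.domain)
            continue
        addr = ipaddress.ip_address(c.ip)
        if addr.is_multicast or not addr.is_global:
            continue                                   # mDNS / link-local chatter
        if c.domain:
            connected.add(c.domain)
            resolved[c.domain].add(c.ip)
            buckets[classify_domain(c.domain)].add(c.domain)
        elif c.port not in WEB_PORTS:
            endpoints.add(f"{c.ip}:{c.port}")          # bare IP on an odd port
    return {
        "delivery": buckets["delivery"],
        "candidate_c2_domains": buckets["candidate_c2"],
        "candidate_c2_endpoints": endpoints,
        "dns_only": queried - connected,               # queried, never connected
        "noise": buckets["noise"],
        "resolved": {d: sorted(ips) for d, ips in resolved.items()},
    }


def ioc_lines(result):
    """Block-list entries: candidate C2 names plus bare endpoints (not CDN IPs)."""
    return sorted(result["candidate_c2_domains"] | result["candidate_c2_endpoints"])


if __name__ == "__main__":
    r = triage(parse_rows(NETWORK_ROWS))
    for key in ("delivery", "candidate_c2_domains", "candidate_c2_endpoints", "dns_only", "noise"):
        print(f"{key}: {sorted(r[key])}")
    print("block-list:", ioc_lines(r))
```

A name that was only queried and never connected still belongs on the block list, which is why dns_only is reported separately rather than dropped. The addresses the .shop names resolved to are kept under "resolved" for correlation only: they sit in shared CDN ranges, so the names and the bare ip:port endpoint are the durable indicators.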
Files
\??\pipe\crashpad_4976_MFNJVTKETVZNXHXY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 813ce32bc71c65411e88358c6dd4a8d8 |
| SHA1 | 3afc1e105febeb59996008d47b1f6425f689677c |
| SHA256 | 54e1670032f4eec7e166cc1bf85e2678d2569175b6f1961a89d9277d136ec399 |
| SHA512 | a25d19d0d071cb1f11751ff3f933d21227f65a41d5087efe3cc313d6c808f81e179b61059886ae98761fcd54a5e49e80ee5b3b64f815293b3c8b79d7416028cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e6362844a9e5d37b4f08f5ae170f813 |
| SHA1 | 08ffd6fb8929d31f3ff5a02b271c33bdab2205c1 |
| SHA256 | f85e971c602309fb30be06b044c293a7387f21c158f216fb6e433112c8bf9796 |
| SHA512 | ef917a2b5d701892b339b67937df39c787ac32e5f2e052f18c0a413e991b7011c6dbbd1a3a277cebdc1f163ce46eb9588ffe31a818ca65f25e62c36d17fb43fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 900e47783d41d5d3aff300168e537bad |
| SHA1 | 002409aa017e240f2271b33f9ad2917f1d057ef1 |
| SHA256 | f498a017b2c8c8e27e50626798e4d70070edec49f2b78b9de44b8f7acf82d515 |
| SHA512 | 5b62a803245b02676fcadf15ce942407a79005ac5377bd8f30a53c52e5f48dd804d16260124683e313b41f58b37329a8fa3e6d314b8657ae581b2eee1e4fe2a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 65384fa8acc2a027783235734f03667e |
| SHA1 | fbba9022b68cecddd30c6e2c80119987fb847c76 |
| SHA256 | 8857487894dca43fcbeb03fa1d5a77a20f46567495826c4fc9e4a2370078bf70 |
| SHA512 | 4dd625d5634a2cd5b85b51ab10e09b1394e589777132784a61e1eaa00da46447ccc430602db3eb7feaa9fa6cefe9082332c5bb54057472bc888a88ab55e64a27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b4e0ee45cd9448ad3d6699d8454b1660 |
| SHA1 | 722c226c13691e90157b415aced4fe6a04079494 |
| SHA256 | 1d71417343320ba2dd3bb4a60bf9c4054859b7155a21d0818b8cecbd78ec3673 |
| SHA512 | 814b44f96314a296ca89036f42a368ab1de8c697db7179f3539f3e471cd1fa7be19f47c102113698d9b7c99673cb78b1a55b4480f825d187d7f7b0d280388ffa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4c31e4dc31b66a19055e615636daf036 |
| SHA1 | 96c8f250ef81b8f59f7108fa765d7d6bb73a7889 |
| SHA256 | fd25e47fc03473e76691a8b4c6d323c24849d1e9a51aab9c7dd51be188d33289 |
| SHA512 | 26efe59aab9961cc13be03c70f5f798b8f32644f433bd648c367f9dbaf478f5e092096261c089b1dd2e6af90c375d27b91e4a5744db38f044c2b9557783465d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7023f81e4e5487f7c2730bd15a0d23d3 |
| SHA1 | 58fde3e47fe0c7c6324b3b5db90bbc827d4e44b8 |
| SHA256 | 675b13a03f8ca4d1fcc27c9b638992579f6faf07e6653c51bfec91ed1da11ae4 |
| SHA512 | 71ba98757eacb863555910d3641097c2ba8ccddb8fd397ad344292f71dc8e5a208e0878115730811cced5ea40e40483d850c3224295a64306c99123250938e24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ac730e5c34a96885fd49ef54d54ad716 |
| SHA1 | d5cded51e706a7903295c752835163a51adcbdd3 |
| SHA256 | b72d2c546d878f83170846d13200935cd1a1077baa83b9aebd011b11d544fe5d |
| SHA512 | 64212e90a2da445b3217aee855d151a48dd2ae857324ac4a4057aeb1cde85cfad354eb69047909db0028808d403d333f28a7ae82d95ec2d5b480cf83316115d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57eef4.TMP
| MD5 | b6ff30eb88a05182baec27377bc7c86f |
| SHA1 | 083c7803652560a5314dd9d09d8ab0195ba1e26c |
| SHA256 | efb03d129c4cbfebfc2ff1313bbe9b8c5348d06fd2f6544e7a022da93373662a |
| SHA512 | 367f57205e2b8e180559c623e4f0cd78ff536747f4db0f2fcbd3bacf18639ff674fcfcfd562cc72b57096c8f0d6587b02edb516a0cefc1f724c3b13b71c10670 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | a251e7d8920ad0ae50087d3903f218d1 |
| SHA1 | 89a40725b1fec22d61561b2286720638ac0f6625 |
| SHA256 | 6045f9f01ec3f769a595569f236cec5f057170f13aa5c7f8f01df1cd687725d5 |
| SHA512 | 0b3c16211e1da01608cab5853c907f5c061d22aad2f83aa990fd5e27b08cca8147c0b0f02af9c91e10b7dd8f9d658360a0d73900b0c101fd2a6758386007bc7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 23d38244ac93073430bb946438b4d9f5 |
| SHA1 | d1b1fff9474cf760e32cc92b8306da39eb09da7e |
| SHA256 | e64e85c337bb125dfbba32fd744b5413d68202ed4a058c5d54eb073b6d56be8a |
| SHA512 | ef28b881762f122ba3a71f3f9b821a44d3347bdafc1bfabff5682fe4d19793565f8f159252676a865b8d67ef7ad68f285c5bd4da51921f5208554ee8053ffe87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 029fe9fea16ec3c7ecfaf9087c578851 |
| SHA1 | b81015bc705a11f7e84bc8119541b96187507dbc |
| SHA256 | 5c7c127bb94d487f49307138e03026fa04de0a8789c47108813f5736e239144b |
| SHA512 | dcad6983ea49f80cad0dce158eab2329497e1e51fb45a4637ebad0e298816345c8e322fc57c23135565ce6d0ee31f1bb5a5cd1eec24290ba389bbd53a13e51af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | dd7509570d0ccf849b1f9d0fa19d74da |
| SHA1 | 807bb43ad088bf2822f26cbf32777c5d5902bd2d |
| SHA256 | 780a0a051f24dcbbcf24be57cb35d98e4743669e0a8ca5c10f574c45ddbe9056 |
| SHA512 | 39d5aea021760246f27bd08c806950506ac6c2245d83088cb410b086c84f141e8ad0fff6ff39acfc1d80b0c1c5e7c83eb5decaf4ddb899dc57e2345303d09b5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 16de56ee6616c6562f7a5ed26a57b0c2 |
| SHA1 | ad9573cfc5baace1db92a4077651945fb3d2dee2 |
| SHA256 | 292ba13b1add3170b4c9bf38a1ff3e40ebc4e4efda3c2f7ceccd1e1d93537bbe |
| SHA512 | d044e55d810e80e4042162ba262244e8b22f6070b69ece29385ff93ccb562f770bbd97398d254a91f9fb38822fb2900630c8a9ee0144f1b4a960784cbcafa0b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c4fcd6259ad00bdb18e9b65658c5040c |
| SHA1 | 1ec22e61da12a9cababfaf5d559d5ddfe9c01158 |
| SHA256 | fca9fcafe162ff1219b1057ff74746a72c5bea480c6c52550b9ffcab17d746a3 |
| SHA512 | f038f1b19c78004d1a1c18ae2c001d5729051bf6548aaed0960f86abccd6e1a3d9f8e3d33e7157b8cfcaeea5c18bbda3fa60a45b16ba629070e99cb65e7d3bbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bade52fceb0f5865802e9e68f6ac38ce |
| SHA1 | 66bd6c3f29818367b48bcfff8378e711aba405da |
| SHA256 | 14570d958face4a0e2e5306b884034b1a3b61ec5fae8d8fb3a0766fd75589f1c |
| SHA512 | 01719cb482aa6aa954610cfaf7bab5618ea2cfd7fb6bc3970187b2e11b5868ecb8ebbec6712c7aea33ec94760affebae0e186337c614a25a584c0deb7120ecff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 27ea113af52c7006b5e738ebbbc371a3 |
| SHA1 | 50ca2efa69fdac4b710c8364bc7d75318e707eb0 |
| SHA256 | 1f8b7ca284d2bc630d9a30ac36a4706ffb622c91156a5679b1e0c4f040c6b9a6 |
| SHA512 | 6f7ca994e477068bea72ad8b2c621b81c78363783d2fdfceb43063fed79794c027695cb282952eac07becc714138f8240cbb7e970c233842223728e69132d2e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 441f7af7be9772a1a6e864ed27adb368 |
| SHA1 | f96b5b280bdcc946cebdeb507dd67178acd252be |
| SHA256 | a533f19a973bdc4a7e8575ea6938e100f03ff4888f9cf52af3f8b23c311611e3 |
| SHA512 | 51fd5efa97323b48796d11241e3e0dc71f3c09b1ec770fcc07bf8c4f311f520614e41925515eb7df35774e8125834784a585ac781518aff0bd515ab69de8934c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5c3bdd5e6077b6761e958a19bb629853 |
| SHA1 | 544980f1a3d52ccbb649d117e43d8f785e106059 |
| SHA256 | 4061afe7378fce0dcf6b2e9549b0146641f2641cd782c2a0d5a14ff1203a0220 |
| SHA512 | e7a6286d1d02468e1a74350b06bf05c4280010161e99d93e4020b52feb88f7f38cabaf09a862d4a60667614df3698914fa5453dcbc672459905835daeb8319e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 917f4d303b726e39ee83e621df114eb2 |
| SHA1 | d56cd1d622a9a088742b2e36382c23dcb8f7ab4f |
| SHA256 | a196a6af16d0d68d0bb0af8d2c36d292637c27437b03756c00bf8dc7e682be9a |
| SHA512 | db1027e08a45f8a249f93998c5de30a55856497bd77f2c04e3a0e08dcccb2a0546624bd37401fb7fd41ea85c07eee0b6e8187dce43ca83e43cc0304fe20c6d37 |
C:\Users\Admin\Downloads\Loader.rar
| MD5 | 4df47749c890cb4a3316e8461ed37d21 |
| SHA1 | 3f79a6e57688bd3f506c441372217079d9f14a4f |
| SHA256 | ec721ebd408d20753388405fe6f2ef62f95493700d95a46e38798b889aa85bc4 |
| SHA512 | 6724ffa84b8424ba9647c86f0a7c77cb9adf6191c25d64baffe5e737e75a6877ea483ad72e6610f6e5049b88233291b5dea4ef2dc57eb4cdf4046781a735dae3 |
C:\Users\Admin\Desktop\New folder\MedalLauncherLog20230923.txt
| MD5 | dc19504bc1d07bdc4ec7535689fdb7da |
| SHA1 | ff5010b75d3ec19563cf784b7a890470db54791a |
| SHA256 | 8bf5794466af9a8c82fc9dcc00e7a755d53a32e9bd40b770a88ac40fc3e6640e |
| SHA512 | 9d2e90a937bb35d2af92d5b374a5103906caf45496eceb48ed25b080a452100eb5c96082a1bb9231734b053dba04a4f109c0bf06829a5e31b66d44118a865587 |
C:\Users\Admin\Desktop\New folder\GameVersion.txt
| MD5 | 75b44d7f3708448f0e08110f0905b756 |
| SHA1 | 903726e852dc0a64adf01744e87588ade1f95ad1 |
| SHA256 | af353f8e54eb3536e840485531f6a9cce9bccc87b69e506bbaf390c77295fe43 |
| SHA512 | d79cc800d039720b3e354a75606794dc6cc3886b81f0df997c135bedadac740ab43ece04c62b8ae8f9d32bbc96b47c842c7c1ec6fd7e522cb7982a521dcbafdd |
C:\Users\Admin\Desktop\New folder\Loader.exe
| MD5 | 6be043ec93e0e18bc92381c8cf8c214b |
| SHA1 | 616648f52c2a8580c51185b1ccfb12ab127d6ed3 |
| SHA256 | 79bc8405f9fe98ebcf6ee04482d89a20cba531cad8276824901e4a12c4b8e7c7 |
| SHA512 | 847cd3995ac6d79712948f6d272e71b50e209a15ce5c86fba0630b708fb14b499876d9591ba2f1d56676779f181edf68620ed1eeb2e27febe88d09459c77bc2b |
memory/3456-458-0x0000000000140000-0x00000000004D4000-memory.dmp
memory/3456-459-0x0000000074950000-0x0000000075100000-memory.dmp
memory/3456-460-0x00000000028D0000-0x00000000028D1000-memory.dmp
C:\Users\Admin\AppData\Roaming\d3d9.dll
| MD5 | af94e6408225a528df92e39338b1d503 |
| SHA1 | 20885bdf89596a0cb8d182681018ee925a667806 |
| SHA256 | b90a5b6d2f6a20b78ee9d3f456e2e876b6766325d23d8c9ff6969c20377b92b6 |
| SHA512 | c89c6a7c81cfc3db89d330fed8cf3e30290e352c6f4b9c70b342e1bd26c6f8b69ec8c627d5d2f5864381c0efe1e91d55aad778187493eafacea1fc6c42489bdc |
memory/3736-466-0x0000000000400000-0x000000000044F000-memory.dmp
memory/3736-469-0x0000000000400000-0x000000000044F000-memory.dmp
memory/3456-470-0x0000000074950000-0x0000000075100000-memory.dmp
memory/3736-471-0x0000000000400000-0x000000000044F000-memory.dmp
C:\Users\Admin\Desktop\New folder\rebild mod.exe
| MD5 | 3152fd3a4014b83c869af5e5622fddea |
| SHA1 | 2bfc60371c6a28fcdf32e3d0d98660172a243385 |
| SHA256 | 33897b7cce587186d25f2536611ebb42bbcf6e7a5edaba75ad8ea465ee29aa9c |
| SHA512 | b23a966081bb80be9f784726e81105fe1e954aa39b851e49619d634b014339285445585ffa06d4263f889c5769bbb6f1bea5ef59c891801a6783dbc63f64a7fd |
memory/1120-475-0x0000000074950000-0x0000000075100000-memory.dmp
memory/1120-474-0x00000000007A0000-0x0000000000B3A000-memory.dmp
memory/4928-483-0x0000000000400000-0x0000000000452000-memory.dmp
C:\Users\Admin\AppData\Roaming\d3d9.dll
| MD5 | 0e721a75ba2324cdaead568c76379b41 |
| SHA1 | 64af2970519b2f8b3f6dc679dd4c385a1b212acd |
| SHA256 | ac2354fa8dc48768ad0bf9a80727af1ca7b1e63cb9f1c509c16eaf72f26cfc31 |
| SHA512 | e375cb267bde1ec2280382af8c267c069ac467a776b3c2f1a99539be674fb895c2d7fa2bafecd8db629958150e7706037df5c57fbfe900d6a60faa5378a19384 |
memory/1120-485-0x0000000074950000-0x0000000075100000-memory.dmp
memory/4928-486-0x0000000074950000-0x0000000075100000-memory.dmp
memory/4928-487-0x0000000005800000-0x0000000005DA4000-memory.dmp
memory/4928-488-0x0000000005250000-0x00000000052E2000-memory.dmp
memory/4928-489-0x0000000005410000-0x0000000005420000-memory.dmp
memory/4928-490-0x0000000005230000-0x000000000523A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TmpD6A6.tmp
| MD5 | 1420d30f964eac2c85b2ccfe968eebce |
| SHA1 | bdf9a6876578a3e38079c4f8cf5d6c79687ad750 |
| SHA256 | f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9 |
| SHA512 | 6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8 |
memory/4928-507-0x0000000005F70000-0x0000000005FE6000-memory.dmp
memory/4928-508-0x0000000006630000-0x000000000664E000-memory.dmp
memory/4928-511-0x0000000006C70000-0x0000000007288000-memory.dmp
memory/4928-512-0x00000000067C0000-0x00000000068CA000-memory.dmp
memory/4928-513-0x0000000006700000-0x0000000006712000-memory.dmp
memory/4928-514-0x0000000006760000-0x000000000679C000-memory.dmp
memory/4928-515-0x00000000068D0000-0x000000000691C000-memory.dmp
memory/4928-516-0x0000000006A10000-0x0000000006A76000-memory.dmp
memory/4928-519-0x0000000006C10000-0x0000000006C60000-memory.dmp
memory/4928-521-0x0000000007860000-0x0000000007A22000-memory.dmp
memory/4928-522-0x0000000007F60000-0x000000000848C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 635861d5793789731f3d9f391f2e9373 |
| SHA1 | 3605964147124b8ba8f4f7b394546db095396192 |
| SHA256 | 58544e1d5db23a674b8727c93895bbbb283551f478b208f58f2ed9cb84a6924e |
| SHA512 | 232d7e7492ddc1f733231e11febbc464b93495dd9b7760ca0e271619755d0eb2848780a9b380a700dffe3ed9b0d5c18cc0fc0d85ea9342242efa7c5003119a58 |
memory/4928-525-0x0000000074950000-0x0000000075100000-memory.dmp