Analysis Overview
SHA256
a44d4d8dee755988f280f95fd7b4b54952be4ea4a336d58c6a9c427deb0bb55f
Threat Level: Known bad
The file MCTrafficer(2).exe was found to be: Known bad.
Malicious Activity Summary
Detect Pysilon
Pysilon family
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Sets file to hidden
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
UPX packed file
Browser Information Discovery
Unsigned PE
Detects Pyinstaller
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Analysis: static1
Detonation Overview
Reported
2024-10-26 13:19
Signatures
Detect Pysilon
Pysilon family
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 13:19
Reported
2024-10-26 13:26
Platform
win7-20240903-en
Max time kernel
104s
Max time network
295s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe | N/A |
UPX packed file
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"
C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 13:19
Reported
2024-10-26 13:26
Platform
win10v2004-20241007-en
Max time kernel
301s
Max time network
300s
Command Line
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\windowsutility\mctraffic.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\windowsutility\mctraffic.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\windowsutility\mctraffic.exe | N/A |
| N/A | N/A | C:\Users\Admin\windowsutility\mctraffic.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsutility = "C:\\Users\\Admin\\windowsutility\\mctraffic.exe" | C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
UPX packed file
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133744225344195636" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\windowsutility\mctraffic.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\windowsutility\mctraffic.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"
C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x394
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\windowsutility\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\windowsutility\activate.bat
C:\Windows\system32\attrib.exe
attrib +s +h .
C:\Users\Admin\windowsutility\mctraffic.exe
"mctraffic.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "MCTrafficer(2).exe"
C:\Users\Admin\windowsutility\mctraffic.exe
"mctraffic.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\windowsutility\""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_uuid.pyd
| MD5 | aa65dc954ce85134a8f5d8604fa543aa |
| SHA1 | 75a31d76c85b3a78c906c0564fa7763e74c2fc49 |
| SHA256 | d7b691db91a6bdad2256c8ef392b12126090c8f4d1b43bfd3ec5a020b7f6a7ab |
| SHA512 | e40b03e6f0f405295b3cde5e7f5b3fdbb20de04e9715b4a31eebddf800918d86ac1b74431bb74ed94c4326d77699dd7b8bbe884d5718f0a95ca1d04f4690ea9b |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_tkinter.pyd
| MD5 | 28522a9d0fbcfd414d9c41d853b15665 |
| SHA1 | 801a62e40b573bccf14ac362520cd8e23c48d4a4 |
| SHA256 | 3898b004d31aec23cf12c61f27215a14a838d6c11d2bc7738b15730518154bb5 |
| SHA512 | e7e715c61db3c420cdee4425d67e05973616e60e23308ef2a24e4a25deeeb8d4802de1cd5cf6a997cec2e9ebad29a4c197b885f8d43e9f7b2b015e9c026782e8 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_ssl.pyd
| MD5 | 42469b54eb9a10b20c3ce8007864584d |
| SHA1 | db42e159286406f5092366ca2307af74ed77e488 |
| SHA256 | 773ab4c98a927ae385ee220a3d59240e2cb86eabc9f3e923e27539b340ca3cf3 |
| SHA512 | 34c214bdaab507bb091ecff516af2ac1ce1dbc6e0dbf77da6c698e186600bc8236f99e2bb102d2b65ac42a6e4e40a14df6946f3ac97c02bbd0b7ef10aba056dd |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_sqlite3.pyd
| MD5 | 94200ad6269a8af1699b3842d27f87d7 |
| SHA1 | a8cf636639ff3e30675cc2c54e5eb4ce86dce8a5 |
| SHA256 | ee93640e7fb77633e6e0bc96176fe87e44cbfc92668eab3f7748f6fc9770bece |
| SHA512 | aec9b13cd67c5873d6ceb795edda5784eda5829cd877bc022d03c9d994e4f3a42b4e4846543364a37866ed20e4d736f72eca1224f5684be1b88dd8f7e0d31bde |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_socket.pyd
| MD5 | 7c65a201e922e8be1f176a4c2db7e377 |
| SHA1 | 78183e083ecb283de6be50bbecca83c93bdceafb |
| SHA256 | bd3edf2966e386649aa773a86d4aaf6c9d858bcc794d23953ad1abca2c3c9b3e |
| SHA512 | f5ce05753a233f7ae3c7404011ede284c2ee2c3e51d5fa19b10be372c4e6e518cb9ff8a707295d750951e04a828c438e8be0611ef3476fc8fc60473174f6071b |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_queue.pyd
| MD5 | 20268609ecebf39a029a6f912222a112 |
| SHA1 | 1bf5d03a451040d99ce8556e5ab731c73b27f268 |
| SHA256 | 8120ef496869391ea2625009d8151e9989267912ea398f5fe2fba10b0476b8bf |
| SHA512 | 321cb5d5f52e41940030b935fda3b7f184928071f7645c87c5509d2c58c37ccb320fb73527d26aa0f2624b96a15015f9dbb608b5f8e291f2c4af9c4dd08cb923 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_portaudio.cp310-win_amd64.pyd
| MD5 | bf9f5464020792a3a1042bc7d5a22cb7 |
| SHA1 | 9703d95401c24fee99a016ee78dcc2e914b3f401 |
| SHA256 | 579b787831108e8af7bedb93f90decc7ebab26fa0469e0524429b3dbba043d67 |
| SHA512 | be198eae15c8820bfc1bc6ab72ebdc574396cfd6a0f2753d9f1be55492b511b28c24c5b057fa599265e0a81b9eccca6bf715e013c81ea94cecd5efcf122cd176 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_overlapped.pyd
| MD5 | a752451482e3a12bb548d671dfdb8b45 |
| SHA1 | cd1b4b5fb4bd967a88f22a309fc4f91df2c5a6e9 |
| SHA256 | 6c415e1ff4c4cc218c8b3df6678f1eab8d4206bd269f68512910fa04b64b8f22 |
| SHA512 | 841408f1e01ac372e80882fd2e38207a92a26d5c445172ddc776279e5b08572b72a88011402d644135db145fd0893278999a09db15cc18920103b90fdb76de56 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_multiprocessing.pyd
| MD5 | 9e1a8a2209262745323a3087e3ca5356 |
| SHA1 | db5db846be89ed930291afd3e0b5ee31f3e8a50e |
| SHA256 | f7bc9e58a91241d120998e2125173b8ce05fb178e4c77825bcae0f9afd751769 |
| SHA512 | bb5741285b773b36a2c24f15d28d172cb96220a662111a587f5ea6a9652a3e09b4795737ae8d2785243990039ebb8f7a597423e3dbd9a69a9cc4917222fa65e7 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_elementtree.pyd
| MD5 | ad2229ca1802fc2408b59d9ec9460cea |
| SHA1 | f090c8647c2f21c2d46384b9562238559846d793 |
| SHA256 | d175def644ad25a6447b3c84fd0aafd75f8f9adf177f3ae9c78d61bfed04b8a0 |
| SHA512 | 7168cf9ca6ac49f935303e741b3f0e4edee384a2fa64fb4100eebda0e012b4b5aa1a08acba62643debc638c25c6462393ddcd132f7a02c5ed207cd37fda8d895 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_decimal.pyd
| MD5 | c369a14a7020a3603182a4f5cd22e53a |
| SHA1 | 372cea2b33218f57281dcd0613b617ccb3908963 |
| SHA256 | 04769e2f8182c32c780f0bc9324f30a1a2a904b5395e2fcffabbc0cc4fcbff5c |
| SHA512 | 371584f1835485a4acbf77d621cd90c74bf6d870f239ee72b65116f4b7909a6344de09a79615b096789d83bd708af0fd3dcb2220c5cccf76661bdcabdf5f8026 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\_asyncio.pyd
| MD5 | bac1b37093d9a3d8a69c4449067daf79 |
| SHA1 | 6debc17c8446915b7413685da449f028cf284549 |
| SHA256 | b4130ab50e425027634a8a4c01c320a70b8529f2988c3a7fb053e07847b68089 |
| SHA512 | 24e108ed396c15fe70a4c915a5adadbfaddacab93d20109574b2f3875ed76225f2444098f2f2c47613f5df16d31c5c93dcc77f5af7b6d9b7739d1e392260ec59 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\zlib1.dll
| MD5 | ee06185c239216ad4c70f74e7c011aa6 |
| SHA1 | 40e66b92ff38c9b1216511d5b1119fe9da6c2703 |
| SHA256 | 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466 |
| SHA512 | baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\VCRUNTIME140_1.dll
| MD5 | bba9680bc310d8d25e97b12463196c92 |
| SHA1 | 9a480c0cf9d377a4caedd4ea60e90fa79001f03a |
| SHA256 | e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab |
| SHA512 | 1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\unicodedata.pyd
| MD5 | 3cc7f1037a741695b6d3cbb4dfb02a5e |
| SHA1 | 03731fafd37b9c8e4da287299d3b09ea6482e1e3 |
| SHA256 | 0c723804b1f1800d273157684771ff22035db92f83146a1a8d0d4b4d0774bb2f |
| SHA512 | 612ff0d4fe423bd4e9c6dc0bd5ef3904ffc7c5595671fc9480ebcb8947759030bd96d8a65c49401f99eaa417264922a9e1026955e29f93186571f2a89151e2d3 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\tk86t.dll
| MD5 | 19adc6ec8b32110665dffe46c828c09f |
| SHA1 | 964eca5250e728ea2a0d57dda95b0626f5b7bf09 |
| SHA256 | 6d134200c9955497c5829860f7373d99eec8cbe4936c8e777b996da5c3546ba7 |
| SHA512 | 4baa632c45a97dc2ca0f0b52fd3882d083b9d83a88e0fa2f29b269e16ad7387029423839756ee052348589b216509a85f5d6ee05a1e8a1850ce5d673ae859c27 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\tcl86t.dll
| MD5 | 2ac611c106c5271a3789c043bf36bf76 |
| SHA1 | 1f549bff37baf84c458fc798a8152cc147aadf6e |
| SHA256 | 7410e4e74a3f5941bb161fc6fc8675227de2ad28a1cec9b627631faa0ed330e6 |
| SHA512 | 3763a63f45fc48f0c76874704911bcefe0ace8d034f9af3ea1401e60aa993fda6174ae61b951188bec009a14d7d33070b064e1293020b6fd4748bee5c35bbd08 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\sqlite3.dll
| MD5 | 8d6dba91698b6f58e39828b5ced7f5e7 |
| SHA1 | 6219675b87355d30ef6531b8a98c9a2b388548df |
| SHA256 | 7214db734027b5517c79500bb7123bcbe27c36c284081dffe3acbc8803b0d1c0 |
| SHA512 | 8c61b254db4ca15b3439c346a1ab0fbf298d93fa534722d990e103c47a2c81c9ad2d695a7202ec8da550c83ed3fa5107def44f0c2615a12a28bd11c9c2f4aaaf |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\select.pyd
| MD5 | 7a1b8a953671d61e2ef79b55876c91a5 |
| SHA1 | 701476f9f4890326acc1390d4b5939c1a63875b6 |
| SHA256 | f02fa3749ba56e11b8e55d7b426cdab61186b7d8e7b3590add9b37fa2ec2c061 |
| SHA512 | bd900c5e45e89557fef64ba008e414f0a25571fc06dcd7ebd532d66856618c56e0be73e2e5e03c74160c2fd0b7a7c356cdc9ba4bb559d88d6f8813a19a75260a |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2_ttf.dll
| MD5 | eb0ce62f775f8bd6209bde245a8d0b93 |
| SHA1 | 5a5d039e0c2a9d763bb65082e09f64c8f3696a71 |
| SHA256 | 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a |
| SHA512 | 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2_mixer.dll
| MD5 | b7b45f61e3bb00ccd4ca92b2a003e3a3 |
| SHA1 | 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc |
| SHA256 | 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095 |
| SHA512 | d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2_image.dll
| MD5 | 25e2a737dcda9b99666da75e945227ea |
| SHA1 | d38e086a6a0bacbce095db79411c50739f3acea4 |
| SHA256 | 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c |
| SHA512 | 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2.dll
| MD5 | ec3c1d17b379968a4890be9eaab73548 |
| SHA1 | 7dbc6acee3b9860b46c0290a9b94a344d1927578 |
| SHA256 | aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f |
| SHA512 | 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\pyexpat.pyd
| MD5 | 9cbd08544dce0712557d8ab3fa0d2d15 |
| SHA1 | cff5ea26bd61330146451390d6cecbda1c102c57 |
| SHA256 | 77813956d86430e1d850989eca1ace8641b7523ecbe1de825bd2fd7094f15f2c |
| SHA512 | e9879b10f26b4205d389de77a978135d285339d971ddae6050cd8453aecf7ed8e39834a685c77aa1beddb8d7d922f4390278c772beb9cd0bfbd7cc8a77c7fc90 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\portmidi.dll
| MD5 | 0df0699727e9d2179f7fd85a61c58bdf |
| SHA1 | 82397ee85472c355725955257c0da207fa19bf59 |
| SHA256 | 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61 |
| SHA512 | 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libwebp-7.dll
| MD5 | b0dd211ec05b441767ea7f65a6f87235 |
| SHA1 | 280f45a676c40bd85ed5541ceb4bafc94d7895f3 |
| SHA256 | fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e |
| SHA512 | eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libtiff-5.dll
| MD5 | ebad1fa14342d14a6b30e01ebc6d23c1 |
| SHA1 | 9c4718e98e90f176c57648fa4ed5476f438b80a7 |
| SHA256 | 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca |
| SHA512 | 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libssl-1_1.dll
| MD5 | aabafc5d0e409123ae5e4523d9b3dee2 |
| SHA1 | 4d0a1834ed4e4ceecb04206e203d916eb22e981b |
| SHA256 | 84e4c37fb28b6cf79e2386163fe6bb094a50c1e8825a4bcdb4cb216f4236d831 |
| SHA512 | 163f29ad05e830367af3f2107e460a587f4710b8d9d909a01e04cd8cfee115d8f453515e089a727a6466ce0e2248a56f14815588f7df6d42fe1580e1b25369cd |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libpng16-16.dll
| MD5 | 55009dd953f500022c102cfb3f6a8a6c |
| SHA1 | 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb |
| SHA256 | 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2 |
| SHA512 | 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libopusfile-0.dll
| MD5 | 2d5274bea7ef82f6158716d392b1be52 |
| SHA1 | ce2ff6e211450352eec7417a195b74fbd736eb24 |
| SHA256 | 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5 |
| SHA512 | 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libopus-0.x64.dll
| MD5 | e56f1b8c782d39fd19b5c9ade735b51b |
| SHA1 | 3d1dc7e70a655ba9058958a17efabe76953a00b4 |
| SHA256 | fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732 |
| SHA512 | b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libopus-0.dll
| MD5 | 3fb9d9e8daa2326aad43a5fc5ddab689 |
| SHA1 | 55523c665414233863356d14452146a760747165 |
| SHA256 | fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491 |
| SHA512 | f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libogg-0.dll
| MD5 | 0d65168162287df89af79bb9be79f65b |
| SHA1 | 3e5af700b8c3e1a558105284ecd21b73b765a6dc |
| SHA256 | 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24 |
| SHA512 | 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libmodplug-1.dll
| MD5 | 2bb2e7fa60884113f23dcb4fd266c4a6 |
| SHA1 | 36bbd1e8f7ee1747c7007a3c297d429500183d73 |
| SHA256 | 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b |
| SHA512 | 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\libjpeg-9.dll
| MD5 | c22b781bb21bffbea478b76ad6ed1a28 |
| SHA1 | 66cc6495ba5e531b0fe22731875250c720262db1 |
| SHA256 | 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd |
| SHA512 | 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4 |
C:\Users\Admin\AppData\Local\Temp\_MEI16122\freetype.dll
| MD5 | 04a9825dc286549ee3fa29e2b06ca944 |
| SHA1 | 5bed779bf591752bb7aa9428189ec7f3c1137461 |
| SHA256 | 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde |
| SHA512 | 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec |
memory/1676-1316-0x00007FF8CBF90000-0x00007FF8CBFA9000-memory.dmp
memory/1676-1318-0x00007FF8CE280000-0x00007FF8CE28D000-memory.dmp
memory/1676-1320-0x00007FF8C9390000-0x00007FF8C93BE000-memory.dmp
memory/1676-1322-0x00007FF8BDD70000-0x00007FF8BE1DE000-memory.dmp
memory/1676-1323-0x00007FF8CD9E0000-0x00007FF8CDA98000-memory.dmp
memory/1676-1326-0x00007FF8D7890000-0x00007FF8D789D000-memory.dmp
memory/1676-1325-0x00007FF8CDAF0000-0x00007FF8CDB14000-memory.dmp
memory/1676-1328-0x00007FF8CD8C0000-0x00007FF8CD9D8000-memory.dmp
memory/1676-1330-0x00007FF8CD880000-0x00007FF8CD8B7000-memory.dmp
memory/1676-1333-0x00007FF8CFC20000-0x00007FF8CFC2E000-memory.dmp
memory/1676-1331-0x00007FF8CFC30000-0x00007FF8CFC3F000-memory.dmp
memory/1676-1332-0x00007FF8CC580000-0x00007FF8CC594000-memory.dmp
memory/1676-1334-0x00007FF8BD9F0000-0x00007FF8BDD65000-memory.dmp
memory/1676-1343-0x00007FF8C9890000-0x00007FF8C98A0000-memory.dmp
memory/1676-1348-0x00007FF8C9330000-0x00007FF8C933E000-memory.dmp
memory/1676-1350-0x00007FF8C9390000-0x00007FF8C93BE000-memory.dmp
memory/1676-1353-0x00007FF8C92C0000-0x00007FF8C92D1000-memory.dmp
memory/1676-1356-0x00007FF8CD880000-0x00007FF8CD8B7000-memory.dmp
memory/1676-1355-0x00007FF8C8F40000-0x00007FF8C8F50000-memory.dmp
memory/1676-1354-0x00007FF8C5340000-0x00007FF8C5355000-memory.dmp
memory/1676-1352-0x00007FF8C92E0000-0x00007FF8C92F5000-memory.dmp
memory/1676-1351-0x00007FF8C9300000-0x00007FF8C9311000-memory.dmp
memory/1676-1349-0x00007FF8C9320000-0x00007FF8C932E000-memory.dmp
memory/1676-1347-0x00007FF8C9340000-0x00007FF8C934F000-memory.dmp
memory/1676-1346-0x00007FF8C9350000-0x00007FF8C935E000-memory.dmp
memory/1676-1342-0x00007FF8CBF90000-0x00007FF8CBFA9000-memory.dmp
memory/1676-1341-0x00007FF8CD560000-0x00007FF8CD570000-memory.dmp
memory/1676-1340-0x00007FF8C9370000-0x00007FF8C9382000-memory.dmp
memory/1676-1339-0x00007FF8CD770000-0x00007FF8CD780000-memory.dmp
memory/1676-1338-0x00007FF8CD850000-0x00007FF8CD85F000-memory.dmp
memory/1676-1337-0x00007FF8CD860000-0x00007FF8CD871000-memory.dmp
memory/1676-1336-0x00007FF8CDF90000-0x00007FF8CDF9E000-memory.dmp
memory/1676-1335-0x00007FF8CFC10000-0x00007FF8CFC1F000-memory.dmp
memory/1676-1345-0x00007FF8C9360000-0x00007FF8C936F000-memory.dmp
memory/1676-1344-0x00007FF8CE280000-0x00007FF8CE28D000-memory.dmp
memory/1676-1357-0x00007FF8C5320000-0x00007FF8C5334000-memory.dmp
memory/1676-1358-0x00007FF8CFC20000-0x00007FF8CFC2E000-memory.dmp
memory/1676-1359-0x00007FF8C52F0000-0x00007FF8C5312000-memory.dmp
memory/1676-1360-0x00007FF8C4C80000-0x00007FF8C4C9B000-memory.dmp
memory/1676-1361-0x00007FF8C4C60000-0x00007FF8C4C76000-memory.dmp
memory/1676-1362-0x00007FF8C4C40000-0x00007FF8C4C59000-memory.dmp
memory/1676-1363-0x00007FF8BF640000-0x00007FF8BF68D000-memory.dmp
memory/1676-1364-0x00007FF8BFA40000-0x00007FF8BFA51000-memory.dmp
memory/1676-1365-0x00007FF8C52E0000-0x00007FF8C52EA000-memory.dmp
memory/1676-1366-0x00007FF8BFA20000-0x00007FF8BFA3E000-memory.dmp
memory/1676-1367-0x00007FF8BE970000-0x00007FF8BE9CD000-memory.dmp
memory/1676-1368-0x00007FF8BE940000-0x00007FF8BE969000-memory.dmp
memory/1676-1370-0x00007FF8BD440000-0x00007FF8BD46E000-memory.dmp
memory/1676-1369-0x00007FF8C52F0000-0x00007FF8C5312000-memory.dmp
memory/1676-1371-0x00007FF8BE920000-0x00007FF8BE93F000-memory.dmp
memory/1676-1373-0x00007FF8BD2C0000-0x00007FF8BD431000-memory.dmp
memory/1676-1372-0x00007FF8C4C60000-0x00007FF8C4C76000-memory.dmp
memory/1676-1374-0x00007FF8BD2A0000-0x00007FF8BD2BC000-memory.dmp
memory/1676-1376-0x00007FF8BF700000-0x00007FF8BF70B000-memory.dmp
memory/1676-1377-0x00007FF8BD290000-0x00007FF8BD29B000-memory.dmp
memory/1676-1375-0x00007FF8BF640000-0x00007FF8BF68D000-memory.dmp
memory/1676-1378-0x00007FF8C8F80000-0x00007FF8C8F8C000-memory.dmp
memory/1676-1380-0x00007FF8C8F70000-0x00007FF8C8F7B000-memory.dmp
memory/1676-1379-0x00007FF8BFA20000-0x00007FF8BFA3E000-memory.dmp
memory/1676-1381-0x00007FF8C8F60000-0x00007FF8C8F6C000-memory.dmp
memory/1676-1382-0x00007FF8BE940000-0x00007FF8BE969000-memory.dmp
memory/1676-1385-0x00007FF8BD280000-0x00007FF8BD28C000-memory.dmp
memory/1676-1395-0x00007FF8BD210000-0x00007FF8BD21B000-memory.dmp
memory/1676-1397-0x00007FF8BD200000-0x00007FF8BD20D000-memory.dmp
memory/1676-1396-0x00007FF8BD290000-0x00007FF8BD29B000-memory.dmp
memory/1676-1394-0x00007FF8BD220000-0x00007FF8BD22C000-memory.dmp
memory/1676-1393-0x00007FF8BD2A0000-0x00007FF8BD2BC000-memory.dmp
memory/1676-1392-0x00007FF8BD250000-0x00007FF8BD25C000-memory.dmp
memory/1676-1391-0x00007FF8BD230000-0x00007FF8BD23B000-memory.dmp
memory/1676-1390-0x00007FF8BD240000-0x00007FF8BD24B000-memory.dmp
memory/1676-1389-0x00007FF8BD2C0000-0x00007FF8BD431000-memory.dmp
memory/1676-1388-0x00007FF8BD260000-0x00007FF8BD26E000-memory.dmp
memory/1676-1387-0x00007FF8BD270000-0x00007FF8BD27D000-memory.dmp
memory/1676-1386-0x00007FF8BE920000-0x00007FF8BE93F000-memory.dmp
memory/1676-1384-0x00007FF8BD440000-0x00007FF8BD46E000-memory.dmp
memory/1676-1383-0x00007FF8C8F50000-0x00007FF8C8F5B000-memory.dmp
memory/1676-1398-0x00007FF8BD7D0000-0x00007FF8BD7E2000-memory.dmp
memory/1676-1399-0x00007FF8BF820000-0x00007FF8BF82C000-memory.dmp
memory/1676-1400-0x00007FF8BD790000-0x00007FF8BD7C4000-memory.dmp
memory/1676-1401-0x00007FF8BD6D0000-0x00007FF8BD78C000-memory.dmp
memory/1676-1402-0x00007FF8BD6A0000-0x00007FF8BD6CB000-memory.dmp
memory/1676-1403-0x00007FF8BCFB0000-0x00007FF8BD1F9000-memory.dmp
memory/1676-1404-0x00007FF8BD640000-0x00007FF8BD695000-memory.dmp
memory/1676-1405-0x00007FF8BCCD0000-0x00007FF8BCFAF000-memory.dmp
memory/1676-1406-0x00007FF8BABD0000-0x00007FF8BCCC3000-memory.dmp
memory/1676-1407-0x00007FF8BD5F0000-0x00007FF8BD607000-memory.dmp
memory/1676-1408-0x00007FF8BD5C0000-0x00007FF8BD5E1000-memory.dmp
memory/1676-1409-0x00007FF8BD590000-0x00007FF8BD5B2000-memory.dmp
memory/1676-1410-0x00007FF8BD790000-0x00007FF8BD7C4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_npx501an.kx3.ps1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 63839ca2c587eea23100cc82d479e55f |
| SHA1 | c5b694dbeb640f10e0fcad0129c27f6174d74fc6 |
| SHA256 | 76f1e00bfc3f6d205b1d85eb61309973780f0b515c4e55a63a854e4e34ba1813 |
| SHA512 | bca4cd316c2eaaf4f00c9ea0b79000c7e3ebb8b07781590a4227223e49d8db18e074dc04d020d4ee732f6820a6ecc52c93f84cd31ce37c6d7aaf8f2924936536 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3cb97ff7bd61f08a63ae4468287782d6 |
| SHA1 | cc1afb2941ac56708fe4bcdbf8e3e670fc990383 |
| SHA256 | a34bc497b1ca8888d0da99db04f715dcc351a26d92dd4c33a6a228447ad32d47 |
| SHA512 | 1f8a20a843b5f87076af13e9dfd85249fc89bac81ff6846380f500262d2fbf032a300e4c21942f7640992ec78bb2749158509c35a1f8d2c562187754f882a7ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c809ba898dfb04f77ece1b184febc312 |
| SHA1 | 59a0ad2f5383eb60d4dc21f91ed9fe6d15b5f0f8 |
| SHA256 | 42f4dee1ed265cfd9f13546ddd3d8fd7226380730c18ba8c00e0e51c2a287aea |
| SHA512 | 0bab72ae9d12da21db02fcd668f44ace7dacff0004b71db5faa44bc9fd4cf8226cfe4cf3a67ec7e7d54378361b13677509227c1d10cd7cf79c8938a13f4d061f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a213800ad8bb1666c4ee34b815e603c8 |
| SHA1 | 5624cc7c06f1c4f83ba0cc10a7d056a333bb4b98 |
| SHA256 | 222493b49b3148576427687a2f6c327416e1e8940f6309970b28bd371ea5b006 |
| SHA512 | e256372a640e48a093e41b18c70b86b75d252734dd9638616571999e3979888710e40fc2997e4c4e9226390c1a5a8b1b74da711b0fe2ca919328a003acd83e8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | b0d5103c8034981c385c060b8ed56cbc |
| SHA1 | 1280f6e2d330df7d1d925e179450e86214789b4f |
| SHA256 | e92497fa0684fe6c8ecc939919b0ef7fc63999186170a7b4ac674b4c8ccd6a28 |
| SHA512 | 6c285624675e9b2a4323a7e2edf6591986d81e6e31ab687d607dd881245a7e8f38bd4cb76d342712f39e31e9c2047af4dd6690ac00e27491929ad250cf30110e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7a7e5aa4744944b264889647f47fa4cd |
| SHA1 | 2031b0ff2c237836657d70a8118f339b2470565d |
| SHA256 | d51bdc22c76161d60ec9054a98b48ef7f6b20997c99a47c3ce98832438fa3b18 |
| SHA512 | 6a425ccdf4d4c8c4991574d67a7666dd11b59941d8318cefac57d6286c5225efdc87e0e1fecd902673741a6f0631cfd741e72740264c0597602277261472a642 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0295fb6cabfcffd26de7f79652ea25d4 |
| SHA1 | 407f1dda61469a0d70b6cd82401b1fbb290d92f0 |
| SHA256 | 8c431060a3706afd1caed563b42750e0fcfc66cc197b41f6b7ab1af7ef7c84a7 |
| SHA512 | 667ebbb589548b1326c175b2c050ea81d1bcdf2de270f336ab134c31bd5cbfa208725f804963932dde0a5506d182afd58d8bc94e267cf9c5cab2a0d4c860b021 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 441af3364189bc83f25c524982acf12a |
| SHA1 | 7e2689bb8daa6351385415ca749c9c323017e5af |
| SHA256 | dfb571b41d41153ad24dcefbcb94b3b8e462aa2440711c85c0d6fe2d964a4e1d |
| SHA512 | 7b52fa9fda09a91a26c0302cdbc6e5b78e3351eb1c68b73bc997cb3c0f081b7dd4fc10ccde2e6d9c39381d466a127a4647abfc87a76c3c0a4e9a87d78fff4ab2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bb263d924e011337b58951a39c4bf2be |
| SHA1 | 839051cfcf002198e9491a3994233302763f3f3b |
| SHA256 | 7499e23223ca05be765e38ceedf4186cbd6f8b02feab7eadf5c7c26b8955c150 |
| SHA512 | fc57723387a0313fd704938cf68c2da2357b0881b846a75c7ba34a78b01aed46184b62f2e3de065090eac6205bbc8b418933616be5210b27a3c273f8b97c20a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4f59a19c-9bd3-4140-8285-667809a93c9b.tmp
| MD5 | a003f6436b5931373a2e3517dacbf7eb |
| SHA1 | 7085ea9bbd25bd6aa5f4c6cb070e088294587e50 |
| SHA256 | c8d8337ab89ae62a4b988a2a253c586205def5d5d499eebf87d7118fe010028d |
| SHA512 | d57d8543a33305b0570003c8f8e6cd68f5a561ebbc402a045d04b068750bea9539ef681085fab3fc5ea58a036bf059bd6310290ef736584431ebb3b32ff830f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b51a847eba80bdb34625f7865f97720f |
| SHA1 | 400c5b2d2e964bd6121ed3a2b323f635dc9ce70f |
| SHA256 | adc76872c3badbce7a7fc0884e64c794b11e835a6d8a60aa1292db39ec1f98f2 |
| SHA512 | 5cc42e62e9cfcab674285d0888fc8bc2ea0c82cd0549fcce6ad6efa6b6a8d1c278291f082927e664086a8694cdb5e6070f36cce46788dcc9d59e82668c1c693a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\000bf039-d380-42da-8013-234bbd8e539b.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State