Malware Analysis Report

2025-05-05 21:09

Sample ID 241026-qkqb9avbnb
Target MCTrafficer(2).exe
SHA256 a44d4d8dee755988f280f95fd7b4b54952be4ea4a336d58c6a9c427deb0bb55f
Tags
pyinstaller pysilon discovery upx evasion execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a44d4d8dee755988f280f95fd7b4b54952be4ea4a336d58c6a9c427deb0bb55f

Threat Level: Known bad

The file MCTrafficer(2).exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon discovery upx evasion execution persistence

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

UPX packed file

Browser Information Discovery

Unsigned PE

Detects Pyinstaller

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-26 13:19

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-26 13:19

Reported

2024-10-26 13:26

Platform

win7-20240903-en

Max time kernel

104s

Max time network

295s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(identical row repeated 64 times)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(identical row repeated 34 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(identical row repeated 32 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1936 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
(identical row repeated 3 times)
PID 2136 wrote to memory of 2588 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(identical row repeated 3 times)
PID 2136 wrote to memory of 1736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(identical row repeated 39 times)
PID 2136 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(identical row repeated 3 times)
PID 2136 wrote to memory of 796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(identical row repeated 16 times)

Processes

C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe

"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"

C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe

"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b29758,0x7fef6b29768,0x7fef6b29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1340 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1404 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1160,i,12250151536073083874,16965729686285607645,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.169.78:443 apis.google.com tcp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
GB 216.58.201.106:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 142.250.200.46:443 apis.google.com udp
US 8.8.8.8:53 e2c34.gcp.gvt2.com udp
KR 35.216.18.75:443 e2c34.gcp.gvt2.com tcp
KR 35.216.18.75:443 e2c34.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI19362\python310.dll

MD5 701e2e5d0826f378a53dc5c83164c741
SHA1 62725dbee8546a7c9751679669c4aeb829bcb5a7
SHA256 9db7ebafff20370df1ae6fc5ee98962e03fcfc02ec47abed28802191f6750dd2
SHA512 df30dfba245a64f72bcf8c478d94a9902797493ce25f266fa04a0b67ad7887c8f9253404c0425285342ae771c8a44ae414887447f14d76c696f7902933367f1f

memory/2632-1253-0x000007FEF5EA0000-0x000007FEF630E000-memory.dmp

memory/2632-1254-0x000007FEF5EA0000-0x000007FEF630E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_2136_APRKKOPKYHTQHGDS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b98ab49cd022ff0d1bd4e53c9e4c46b3
SHA1 3be46fbc9579003e3d0d19d5375927b5999998fc
SHA256 e293e051194dafcfdf405f2a3aabb3d4660a46ea8b351c63996a85c4e105b4c0
SHA512 6a786e77d0f88a823092c9eadb8fb8a941c61c96d1b6f4c371c229b7bbc5a567faec22f7fc2bf35a0ff23a65658947bf178607f7f3e6c1960505169fdc7d6f05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ff3d8ec596f82c24324392e3527bf00
SHA1 67f79ae30d333f71cd704feaec8d32d366faa739
SHA256 2a43ccf230e2b763e045bae1dd668a4b133472c746b96f388a5f3d0695e899ce
SHA512 e523515c4b0a735cbc5b458ab6bc92e977c3f72b0da5f22c61e96b31d19d8de8d36eb283ba994a83233ecce571f597d8aeae481fc8fac064e7093d55479e0d0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 99f95be42adad83f544519784ec11d50
SHA1 68588d8116020d5c35c5e147b3f18ba2ca904840
SHA256 796a4328dd356263447c819a00092cb6ea8f4af28750851cca9f487bc7b12f5e
SHA512 c11fc2a63c8c00a3b42bee78c190797aefb7cc56846107420c348cd613135bbafa9419c6edc6ef009fc217c5b67609fbe60b9c0d0ab4005aab0fac8dcc06adc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5553fb342673a00e7eac5cfab1389526
SHA1 89ac0c3209466beb3a5da7761caf62fac37b43f6
SHA256 6022c6b313c31beba7ddce93495b42967bac93f26d1a42f6d830761aeb1e1673
SHA512 2aed529109818b47cbce7a1e5950eebfa3e58c94ff07338ff157827f6d61d25f86276059c4c1b4e8ac6a4b96cb7dc9efcdea1d1dce0a6cd3d3fc110e77b0e543

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-26 13:19

Reported

2024-10-26 13:26

Platform

win10v2004-20241007-en

Max time kernel

301s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\windowsutility\mctraffic.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\windowsutility\mctraffic.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsutility = "C:\\Users\\Admin\\windowsutility\\mctraffic.exe" C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133744225344195636" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\windowsutility\mctraffic.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1612 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
PID 1612 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe
PID 1676 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1676 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1676 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Windows\system32\cmd.exe
PID 1676 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe C:\Windows\system32\cmd.exe
PID 3908 wrote to memory of 1912 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3908 wrote to memory of 1912 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3908 wrote to memory of 2248 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\windowsutility\mctraffic.exe
PID 3908 wrote to memory of 2248 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\windowsutility\mctraffic.exe
PID 3908 wrote to memory of 6028 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3908 wrote to memory of 6028 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2248 wrote to memory of 4040 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Users\Admin\windowsutility\mctraffic.exe
PID 2248 wrote to memory of 4040 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Users\Admin\windowsutility\mctraffic.exe
PID 4040 wrote to memory of 4668 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Windows\system32\cmd.exe
PID 4040 wrote to memory of 4668 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Windows\system32\cmd.exe
PID 4040 wrote to memory of 4880 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4040 wrote to memory of 4880 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4040 wrote to memory of 5228 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4040 wrote to memory of 5228 N/A C:\Users\Admin\windowsutility\mctraffic.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 208 wrote to memory of 516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 3008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 208 wrote to memory of 5168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe

"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"

C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe

"C:\Users\Admin\AppData\Local\Temp\MCTrafficer(2).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x48c 0x394

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\windowsutility\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\windowsutility\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\windowsutility\mctraffic.exe

"mctraffic.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "MCTrafficer(2).exe"

C:\Users\Admin\windowsutility\mctraffic.exe

"mctraffic.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\windowsutility\""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8b6b4cc40,0x7ff8b6b4cc4c,0x7ff8b6b4cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4408,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=240,i,15553212491410009610,11110141360314247104,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3568 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
N/A 127.0.0.1:56519 tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.135.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
GB 216.58.212.196:443 www.google.com udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
GB 142.250.200.46:443 apis.google.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 196.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 216.58.212.206:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI16122\python310.dll

MD5 701e2e5d0826f378a53dc5c83164c741
SHA1 62725dbee8546a7c9751679669c4aeb829bcb5a7
SHA256 9db7ebafff20370df1ae6fc5ee98962e03fcfc02ec47abed28802191f6750dd2
SHA512 df30dfba245a64f72bcf8c478d94a9902797493ce25f266fa04a0b67ad7887c8f9253404c0425285342ae771c8a44ae414887447f14d76c696f7902933367f1f

C:\Users\Admin\AppData\Local\Temp\_MEI16122\VCRUNTIME140.dll

MD5 870fea4e961e2fbd00110d3783e529be
SHA1 a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA256 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA512 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

memory/1676-1255-0x00007FF8BDD70000-0x00007FF8BE1DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16122\base_library.zip

MD5 4ca29d6a8d678046d1ed80249c50cdbe
SHA1 1f5b278adaba8591c2e2a18f48ddd103efc6018b
SHA256 75e5f6af352dac9b250561a49e519a58fc37e2519bfc22ec23ec998fe44cc21b
SHA512 2fbe2b8c115be85c93a884b62b6e0ffaad9af69542c4c7850e46d1854ee1e46d5e5217cbba98b8f89bcb18c6510279904767a73d0e38e3b414e6d46aba284768

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_ctypes.pyd

MD5 fab57c847ccd83d1eda8d0f70223284c
SHA1 9036fb9ddf58384d41805b0f5701d0dd3fc9fe5d
SHA256 f94440debb2c034d504859edb115ae1ba3ec3f65a084178c810eada77cc0b803
SHA512 4dfff55c12415fcf4b75594bee323423a8bcf7cbec0384978d2cde23c803aa447e9935e3990e5f87aa70e4187890ac1b4bed68780bda479707e17a68d6dd398d

C:\Users\Admin\AppData\Local\Temp\_MEI16122\python3.DLL

MD5 c17b7a4b853827f538576f4c3521c653
SHA1 6115047d02fbbad4ff32afb4ebd439f5d529485a
SHA256 d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68
SHA512 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

memory/1676-1265-0x00007FF8CEF30000-0x00007FF8CEF3F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libffi-7.dll

MD5 36b9af930baedaf9100630b96f241c6c
SHA1 b1d8416250717ed6b928b4632f2259492a1d64a4
SHA256 d2159e1d1c9853558b192c75d64033e09e7de2da2b3f1bf26745124ed33fbf86
SHA512 5984b32a63a4440a13ebd2f5ca0b22f1391e63ac15fe67a94d4a579d58b8bb0628980a2be484ac65ad3a215bbe44bd14fe33ec7b3581c6ab521f530395847dd5

memory/1676-1263-0x00007FF8CDAF0000-0x00007FF8CDB14000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_bz2.pyd

MD5 5f1fcfa6577ed6ecf4099650873ee9d0
SHA1 7f65d93c52f7bbddcad0420822700c3e43881f78
SHA256 f68775b81e881f2bddeda06442e44d2c6820db2dbab37fa1852dc411d8e28a85
SHA512 590d7961656e52b7979deb6b20a344bcac184041ba0f22f58d6422b8f60877260eab57032e41b6375360ff62879f336a7b453494dc435f332198965107857575

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_lzma.pyd

MD5 b45eca52c04371b2812c9104c7698738
SHA1 4da64729787e58d24ca7dda23c50aedbffe2fc22
SHA256 c31b390ad7834ec10dec2ea2af9d110ffd0483df920046c74236ef736b10fbd7
SHA512 0404effb490fda47f1899c931b7de137038ae7afbfad9aa0155e49066f0b7cd74ba3a92628022197d657114a7d84451521bf0a47037252c158b5c83d0ea1d15f

memory/1676-1270-0x00007FF8CD780000-0x00007FF8CD799000-memory.dmp

memory/1676-1271-0x00007FF8C98A0000-0x00007FF8C98CD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_cffi_backend.cp310-win_amd64.pyd

MD5 5988556d3aa9170627d75daeecf3cee7
SHA1 ad7fa07b5ed0918b98cd35d74c601c9e10749137
SHA256 90fdea940467e80faa5d4f921c1a5c65a6e918f6d939747227b0cfaf7bfe149e
SHA512 49471bba4703902eca73055d3ed008eb002ce5f448ad870db3a7de89cf064d604ee6c0b87cca82cd9e36d21c86b6f21245102862643f4455bd230c9e488448b4

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_hashlib.pyd

MD5 12c1703b7464bd94098ee976fbf8672c
SHA1 e73dfb0e9c78ad209fa1a6decd863658d706eba6
SHA256 228f1f78216051c90e5a9cd5aadce01f5c100fe4e60cccd8bcb92fdcbcdda145
SHA512 5b17bcb7e05f0efe15e5362c56d81691f01cdac2737f87486d6cfdfd137d94129b497b6e958a2de6e3f437f4d768da23117d4ad88d22149c9ca4feb474623092

memory/1676-1312-0x00007FF8CC580000-0x00007FF8CC594000-memory.dmp

memory/1676-1314-0x00007FF8BD9F0000-0x00007FF8BDD65000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libcrypto-1_1.dll

MD5 571796599d616a0d12aa34be09242c22
SHA1 0e0004ab828966f0c8a67b2f10311bb89b6b74ac
SHA256 6242d2e13aef871c4b8cfd75fc0f8530e8dccfeaba8f1b66280e9345f52b833b
SHA512 7362a6c887600fafc1a45413823f006589bb95a76ac052b6c7022356a7a9a6e8cd3e76f59cecf152e189323791d9626a6fdb7a98bf3a5250d517b746c3e84e84

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_uuid.pyd

MD5 aa65dc954ce85134a8f5d8604fa543aa
SHA1 75a31d76c85b3a78c906c0564fa7763e74c2fc49
SHA256 d7b691db91a6bdad2256c8ef392b12126090c8f4d1b43bfd3ec5a020b7f6a7ab
SHA512 e40b03e6f0f405295b3cde5e7f5b3fdbb20de04e9715b4a31eebddf800918d86ac1b74431bb74ed94c4326d77699dd7b8bbe884d5718f0a95ca1d04f4690ea9b

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_tkinter.pyd

MD5 28522a9d0fbcfd414d9c41d853b15665
SHA1 801a62e40b573bccf14ac362520cd8e23c48d4a4
SHA256 3898b004d31aec23cf12c61f27215a14a838d6c11d2bc7738b15730518154bb5
SHA512 e7e715c61db3c420cdee4425d67e05973616e60e23308ef2a24e4a25deeeb8d4802de1cd5cf6a997cec2e9ebad29a4c197b885f8d43e9f7b2b015e9c026782e8

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_ssl.pyd

MD5 42469b54eb9a10b20c3ce8007864584d
SHA1 db42e159286406f5092366ca2307af74ed77e488
SHA256 773ab4c98a927ae385ee220a3d59240e2cb86eabc9f3e923e27539b340ca3cf3
SHA512 34c214bdaab507bb091ecff516af2ac1ce1dbc6e0dbf77da6c698e186600bc8236f99e2bb102d2b65ac42a6e4e40a14df6946f3ac97c02bbd0b7ef10aba056dd

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_sqlite3.pyd

MD5 94200ad6269a8af1699b3842d27f87d7
SHA1 a8cf636639ff3e30675cc2c54e5eb4ce86dce8a5
SHA256 ee93640e7fb77633e6e0bc96176fe87e44cbfc92668eab3f7748f6fc9770bece
SHA512 aec9b13cd67c5873d6ceb795edda5784eda5829cd877bc022d03c9d994e4f3a42b4e4846543364a37866ed20e4d736f72eca1224f5684be1b88dd8f7e0d31bde

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_socket.pyd

MD5 7c65a201e922e8be1f176a4c2db7e377
SHA1 78183e083ecb283de6be50bbecca83c93bdceafb
SHA256 bd3edf2966e386649aa773a86d4aaf6c9d858bcc794d23953ad1abca2c3c9b3e
SHA512 f5ce05753a233f7ae3c7404011ede284c2ee2c3e51d5fa19b10be372c4e6e518cb9ff8a707295d750951e04a828c438e8be0611ef3476fc8fc60473174f6071b

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_queue.pyd

MD5 20268609ecebf39a029a6f912222a112
SHA1 1bf5d03a451040d99ce8556e5ab731c73b27f268
SHA256 8120ef496869391ea2625009d8151e9989267912ea398f5fe2fba10b0476b8bf
SHA512 321cb5d5f52e41940030b935fda3b7f184928071f7645c87c5509d2c58c37ccb320fb73527d26aa0f2624b96a15015f9dbb608b5f8e291f2c4af9c4dd08cb923

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_portaudio.cp310-win_amd64.pyd

MD5 bf9f5464020792a3a1042bc7d5a22cb7
SHA1 9703d95401c24fee99a016ee78dcc2e914b3f401
SHA256 579b787831108e8af7bedb93f90decc7ebab26fa0469e0524429b3dbba043d67
SHA512 be198eae15c8820bfc1bc6ab72ebdc574396cfd6a0f2753d9f1be55492b511b28c24c5b057fa599265e0a81b9eccca6bf715e013c81ea94cecd5efcf122cd176

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_overlapped.pyd

MD5 a752451482e3a12bb548d671dfdb8b45
SHA1 cd1b4b5fb4bd967a88f22a309fc4f91df2c5a6e9
SHA256 6c415e1ff4c4cc218c8b3df6678f1eab8d4206bd269f68512910fa04b64b8f22
SHA512 841408f1e01ac372e80882fd2e38207a92a26d5c445172ddc776279e5b08572b72a88011402d644135db145fd0893278999a09db15cc18920103b90fdb76de56

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_multiprocessing.pyd

MD5 9e1a8a2209262745323a3087e3ca5356
SHA1 db5db846be89ed930291afd3e0b5ee31f3e8a50e
SHA256 f7bc9e58a91241d120998e2125173b8ce05fb178e4c77825bcae0f9afd751769
SHA512 bb5741285b773b36a2c24f15d28d172cb96220a662111a587f5ea6a9652a3e09b4795737ae8d2785243990039ebb8f7a597423e3dbd9a69a9cc4917222fa65e7

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_elementtree.pyd

MD5 ad2229ca1802fc2408b59d9ec9460cea
SHA1 f090c8647c2f21c2d46384b9562238559846d793
SHA256 d175def644ad25a6447b3c84fd0aafd75f8f9adf177f3ae9c78d61bfed04b8a0
SHA512 7168cf9ca6ac49f935303e741b3f0e4edee384a2fa64fb4100eebda0e012b4b5aa1a08acba62643debc638c25c6462393ddcd132f7a02c5ed207cd37fda8d895

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_decimal.pyd

MD5 c369a14a7020a3603182a4f5cd22e53a
SHA1 372cea2b33218f57281dcd0613b617ccb3908963
SHA256 04769e2f8182c32c780f0bc9324f30a1a2a904b5395e2fcffabbc0cc4fcbff5c
SHA512 371584f1835485a4acbf77d621cd90c74bf6d870f239ee72b65116f4b7909a6344de09a79615b096789d83bd708af0fd3dcb2220c5cccf76661bdcabdf5f8026

C:\Users\Admin\AppData\Local\Temp\_MEI16122\_asyncio.pyd

MD5 bac1b37093d9a3d8a69c4449067daf79
SHA1 6debc17c8446915b7413685da449f028cf284549
SHA256 b4130ab50e425027634a8a4c01c320a70b8529f2988c3a7fb053e07847b68089
SHA512 24e108ed396c15fe70a4c915a5adadbfaddacab93d20109574b2f3875ed76225f2444098f2f2c47613f5df16d31c5c93dcc77f5af7b6d9b7739d1e392260ec59

C:\Users\Admin\AppData\Local\Temp\_MEI16122\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI16122\VCRUNTIME140_1.dll

MD5 bba9680bc310d8d25e97b12463196c92
SHA1 9a480c0cf9d377a4caedd4ea60e90fa79001f03a
SHA256 e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab
SHA512 1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

C:\Users\Admin\AppData\Local\Temp\_MEI16122\unicodedata.pyd

MD5 3cc7f1037a741695b6d3cbb4dfb02a5e
SHA1 03731fafd37b9c8e4da287299d3b09ea6482e1e3
SHA256 0c723804b1f1800d273157684771ff22035db92f83146a1a8d0d4b4d0774bb2f
SHA512 612ff0d4fe423bd4e9c6dc0bd5ef3904ffc7c5595671fc9480ebcb8947759030bd96d8a65c49401f99eaa417264922a9e1026955e29f93186571f2a89151e2d3

C:\Users\Admin\AppData\Local\Temp\_MEI16122\tk86t.dll

MD5 19adc6ec8b32110665dffe46c828c09f
SHA1 964eca5250e728ea2a0d57dda95b0626f5b7bf09
SHA256 6d134200c9955497c5829860f7373d99eec8cbe4936c8e777b996da5c3546ba7
SHA512 4baa632c45a97dc2ca0f0b52fd3882d083b9d83a88e0fa2f29b269e16ad7387029423839756ee052348589b216509a85f5d6ee05a1e8a1850ce5d673ae859c27

C:\Users\Admin\AppData\Local\Temp\_MEI16122\tcl86t.dll

MD5 2ac611c106c5271a3789c043bf36bf76
SHA1 1f549bff37baf84c458fc798a8152cc147aadf6e
SHA256 7410e4e74a3f5941bb161fc6fc8675227de2ad28a1cec9b627631faa0ed330e6
SHA512 3763a63f45fc48f0c76874704911bcefe0ace8d034f9af3ea1401e60aa993fda6174ae61b951188bec009a14d7d33070b064e1293020b6fd4748bee5c35bbd08

C:\Users\Admin\AppData\Local\Temp\_MEI16122\sqlite3.dll

MD5 8d6dba91698b6f58e39828b5ced7f5e7
SHA1 6219675b87355d30ef6531b8a98c9a2b388548df
SHA256 7214db734027b5517c79500bb7123bcbe27c36c284081dffe3acbc8803b0d1c0
SHA512 8c61b254db4ca15b3439c346a1ab0fbf298d93fa534722d990e103c47a2c81c9ad2d695a7202ec8da550c83ed3fa5107def44f0c2615a12a28bd11c9c2f4aaaf

C:\Users\Admin\AppData\Local\Temp\_MEI16122\select.pyd

MD5 7a1b8a953671d61e2ef79b55876c91a5
SHA1 701476f9f4890326acc1390d4b5939c1a63875b6
SHA256 f02fa3749ba56e11b8e55d7b426cdab61186b7d8e7b3590add9b37fa2ec2c061
SHA512 bd900c5e45e89557fef64ba008e414f0a25571fc06dcd7ebd532d66856618c56e0be73e2e5e03c74160c2fd0b7a7c356cdc9ba4bb559d88d6f8813a19a75260a

C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI16122\SDL2.dll

MD5 ec3c1d17b379968a4890be9eaab73548
SHA1 7dbc6acee3b9860b46c0290a9b94a344d1927578
SHA256 aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f
SHA512 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

C:\Users\Admin\AppData\Local\Temp\_MEI16122\pyexpat.pyd

MD5 9cbd08544dce0712557d8ab3fa0d2d15
SHA1 cff5ea26bd61330146451390d6cecbda1c102c57
SHA256 77813956d86430e1d850989eca1ace8641b7523ecbe1de825bd2fd7094f15f2c
SHA512 e9879b10f26b4205d389de77a978135d285339d971ddae6050cd8453aecf7ed8e39834a685c77aa1beddb8d7d922f4390278c772beb9cd0bfbd7cc8a77c7fc90

C:\Users\Admin\AppData\Local\Temp\_MEI16122\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libssl-1_1.dll

MD5 aabafc5d0e409123ae5e4523d9b3dee2
SHA1 4d0a1834ed4e4ceecb04206e203d916eb22e981b
SHA256 84e4c37fb28b6cf79e2386163fe6bb094a50c1e8825a4bcdb4cb216f4236d831
SHA512 163f29ad05e830367af3f2107e460a587f4710b8d9d909a01e04cd8cfee115d8f453515e089a727a6466ce0e2248a56f14815588f7df6d42fe1580e1b25369cd

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI16122\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI16122\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

memory/1676-1316-0x00007FF8CBF90000-0x00007FF8CBFA9000-memory.dmp

memory/1676-1318-0x00007FF8CE280000-0x00007FF8CE28D000-memory.dmp

memory/1676-1320-0x00007FF8C9390000-0x00007FF8C93BE000-memory.dmp

memory/1676-1322-0x00007FF8BDD70000-0x00007FF8BE1DE000-memory.dmp

memory/1676-1323-0x00007FF8CD9E0000-0x00007FF8CDA98000-memory.dmp

memory/1676-1326-0x00007FF8D7890000-0x00007FF8D789D000-memory.dmp

memory/1676-1325-0x00007FF8CDAF0000-0x00007FF8CDB14000-memory.dmp

memory/1676-1328-0x00007FF8CD8C0000-0x00007FF8CD9D8000-memory.dmp

memory/1676-1330-0x00007FF8CD880000-0x00007FF8CD8B7000-memory.dmp

memory/1676-1333-0x00007FF8CFC20000-0x00007FF8CFC2E000-memory.dmp

memory/1676-1331-0x00007FF8CFC30000-0x00007FF8CFC3F000-memory.dmp

memory/1676-1332-0x00007FF8CC580000-0x00007FF8CC594000-memory.dmp

memory/1676-1334-0x00007FF8BD9F0000-0x00007FF8BDD65000-memory.dmp

memory/1676-1343-0x00007FF8C9890000-0x00007FF8C98A0000-memory.dmp

memory/1676-1348-0x00007FF8C9330000-0x00007FF8C933E000-memory.dmp

memory/1676-1350-0x00007FF8C9390000-0x00007FF8C93BE000-memory.dmp

memory/1676-1353-0x00007FF8C92C0000-0x00007FF8C92D1000-memory.dmp

memory/1676-1356-0x00007FF8CD880000-0x00007FF8CD8B7000-memory.dmp

memory/1676-1355-0x00007FF8C8F40000-0x00007FF8C8F50000-memory.dmp

memory/1676-1354-0x00007FF8C5340000-0x00007FF8C5355000-memory.dmp

memory/1676-1352-0x00007FF8C92E0000-0x00007FF8C92F5000-memory.dmp

memory/1676-1351-0x00007FF8C9300000-0x00007FF8C9311000-memory.dmp

memory/1676-1349-0x00007FF8C9320000-0x00007FF8C932E000-memory.dmp

memory/1676-1347-0x00007FF8C9340000-0x00007FF8C934F000-memory.dmp

memory/1676-1346-0x00007FF8C9350000-0x00007FF8C935E000-memory.dmp

memory/1676-1342-0x00007FF8CBF90000-0x00007FF8CBFA9000-memory.dmp

memory/1676-1341-0x00007FF8CD560000-0x00007FF8CD570000-memory.dmp

memory/1676-1340-0x00007FF8C9370000-0x00007FF8C9382000-memory.dmp

memory/1676-1339-0x00007FF8CD770000-0x00007FF8CD780000-memory.dmp

memory/1676-1338-0x00007FF8CD850000-0x00007FF8CD85F000-memory.dmp

memory/1676-1337-0x00007FF8CD860000-0x00007FF8CD871000-memory.dmp

memory/1676-1336-0x00007FF8CDF90000-0x00007FF8CDF9E000-memory.dmp

memory/1676-1335-0x00007FF8CFC10000-0x00007FF8CFC1F000-memory.dmp

memory/1676-1345-0x00007FF8C9360000-0x00007FF8C936F000-memory.dmp

memory/1676-1344-0x00007FF8CE280000-0x00007FF8CE28D000-memory.dmp

memory/1676-1357-0x00007FF8C5320000-0x00007FF8C5334000-memory.dmp

memory/1676-1358-0x00007FF8CFC20000-0x00007FF8CFC2E000-memory.dmp

memory/1676-1359-0x00007FF8C52F0000-0x00007FF8C5312000-memory.dmp

memory/1676-1360-0x00007FF8C4C80000-0x00007FF8C4C9B000-memory.dmp

memory/1676-1361-0x00007FF8C4C60000-0x00007FF8C4C76000-memory.dmp

memory/1676-1362-0x00007FF8C4C40000-0x00007FF8C4C59000-memory.dmp

memory/1676-1363-0x00007FF8BF640000-0x00007FF8BF68D000-memory.dmp

memory/1676-1364-0x00007FF8BFA40000-0x00007FF8BFA51000-memory.dmp

memory/1676-1365-0x00007FF8C52E0000-0x00007FF8C52EA000-memory.dmp

memory/1676-1366-0x00007FF8BFA20000-0x00007FF8BFA3E000-memory.dmp

memory/1676-1367-0x00007FF8BE970000-0x00007FF8BE9CD000-memory.dmp

memory/1676-1368-0x00007FF8BE940000-0x00007FF8BE969000-memory.dmp

memory/1676-1370-0x00007FF8BD440000-0x00007FF8BD46E000-memory.dmp

memory/1676-1369-0x00007FF8C52F0000-0x00007FF8C5312000-memory.dmp

memory/1676-1371-0x00007FF8BE920000-0x00007FF8BE93F000-memory.dmp

memory/1676-1373-0x00007FF8BD2C0000-0x00007FF8BD431000-memory.dmp

memory/1676-1372-0x00007FF8C4C60000-0x00007FF8C4C76000-memory.dmp

memory/1676-1374-0x00007FF8BD2A0000-0x00007FF8BD2BC000-memory.dmp

memory/1676-1376-0x00007FF8BF700000-0x00007FF8BF70B000-memory.dmp

memory/1676-1377-0x00007FF8BD290000-0x00007FF8BD29B000-memory.dmp

memory/1676-1375-0x00007FF8BF640000-0x00007FF8BF68D000-memory.dmp

memory/1676-1378-0x00007FF8C8F80000-0x00007FF8C8F8C000-memory.dmp

memory/1676-1380-0x00007FF8C8F70000-0x00007FF8C8F7B000-memory.dmp

memory/1676-1379-0x00007FF8BFA20000-0x00007FF8BFA3E000-memory.dmp

memory/1676-1381-0x00007FF8C8F60000-0x00007FF8C8F6C000-memory.dmp

memory/1676-1382-0x00007FF8BE940000-0x00007FF8BE969000-memory.dmp

memory/1676-1385-0x00007FF8BD280000-0x00007FF8BD28C000-memory.dmp

memory/1676-1395-0x00007FF8BD210000-0x00007FF8BD21B000-memory.dmp

memory/1676-1397-0x00007FF8BD200000-0x00007FF8BD20D000-memory.dmp

memory/1676-1396-0x00007FF8BD290000-0x00007FF8BD29B000-memory.dmp

memory/1676-1394-0x00007FF8BD220000-0x00007FF8BD22C000-memory.dmp

memory/1676-1393-0x00007FF8BD2A0000-0x00007FF8BD2BC000-memory.dmp

memory/1676-1392-0x00007FF8BD250000-0x00007FF8BD25C000-memory.dmp

memory/1676-1391-0x00007FF8BD230000-0x00007FF8BD23B000-memory.dmp

memory/1676-1390-0x00007FF8BD240000-0x00007FF8BD24B000-memory.dmp

memory/1676-1389-0x00007FF8BD2C0000-0x00007FF8BD431000-memory.dmp

memory/1676-1388-0x00007FF8BD260000-0x00007FF8BD26E000-memory.dmp

memory/1676-1387-0x00007FF8BD270000-0x00007FF8BD27D000-memory.dmp

memory/1676-1386-0x00007FF8BE920000-0x00007FF8BE93F000-memory.dmp

memory/1676-1384-0x00007FF8BD440000-0x00007FF8BD46E000-memory.dmp

memory/1676-1383-0x00007FF8C8F50000-0x00007FF8C8F5B000-memory.dmp

memory/1676-1398-0x00007FF8BD7D0000-0x00007FF8BD7E2000-memory.dmp

memory/1676-1399-0x00007FF8BF820000-0x00007FF8BF82C000-memory.dmp

memory/1676-1400-0x00007FF8BD790000-0x00007FF8BD7C4000-memory.dmp

memory/1676-1401-0x00007FF8BD6D0000-0x00007FF8BD78C000-memory.dmp

memory/1676-1402-0x00007FF8BD6A0000-0x00007FF8BD6CB000-memory.dmp

memory/1676-1403-0x00007FF8BCFB0000-0x00007FF8BD1F9000-memory.dmp

memory/1676-1404-0x00007FF8BD640000-0x00007FF8BD695000-memory.dmp

memory/1676-1405-0x00007FF8BCCD0000-0x00007FF8BCFAF000-memory.dmp

memory/1676-1406-0x00007FF8BABD0000-0x00007FF8BCCC3000-memory.dmp

memory/1676-1407-0x00007FF8BD5F0000-0x00007FF8BD607000-memory.dmp

memory/1676-1408-0x00007FF8BD5C0000-0x00007FF8BD5E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_npx501an.kx3.ps1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4f59a19c-9bd3-4140-8285-667809a93c9b.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\000bf039-d380-42da-8013-234bbd8e539b.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State