bitrat | hxxps://github[.]com/xXprogtXx1/discord-logger-

Analysis

max time kernel
102s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2024 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/xXprogtXx1/discord-logger-

Score

10^/10

bitrat pyinstaller trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.38

Cluluvsu-34807.portmap.host:34807

Attributes

communication_password
e10adc3949ba59abbe56e057f20f883e
install_dir
sdudir
install_file
sudir
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4520	discord logger.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00060000000232d1-513.dat	upx
behavioral2/files/0x00060000000232d1-516.dat	upx
behavioral2/memory/368-544-0x00007FFAD2840000-0x00007FFAD2CA4000-memory.dmp	upx
behavioral2/files/0x00060000000232d6-587.dat	upx
behavioral2/files/0x00060000000232bb-589.dat	upx
behavioral2/files/0x00060000000232c9-593.dat	upx
behavioral2/memory/368-596-0x00007FFAEA1E0000-0x00007FFAEA1EF000-memory.dmp	upx
behavioral2/files/0x00060000000232d3-600.dat	upx
behavioral2/memory/368-607-0x00007FFAE8ED0000-0x00007FFAE8F01000-memory.dmp	upx
behavioral2/files/0x00060000000232d8-612.dat	upx
behavioral2/memory/368-615-0x00007FFAE9090000-0x00007FFAE90A9000-memory.dmp	upx
behavioral2/memory/368-617-0x00007FFAE5E90000-0x00007FFAE5EBC000-memory.dmp	upx
behavioral2/memory/368-618-0x00007FFAE50D0000-0x00007FFAE5191000-memory.dmp	upx
behavioral2/memory/368-619-0x00007FFAE56F0000-0x00007FFAE571C000-memory.dmp	upx
behavioral2/files/0x00060000000232d5-623.dat	upx
behavioral2/files/0x00060000000232c5-629.dat	upx
behavioral2/files/0x00060000000232c5-628.dat	upx
behavioral2/files/0x00060000000232cf-627.dat	upx
behavioral2/files/0x00060000000232c6-625.dat	upx
behavioral2/memory/368-630-0x00007FFAE5E70000-0x00007FFAE5E8E000-memory.dmp	upx
behavioral2/memory/368-633-0x00007FFAE4B30000-0x00007FFAE4CA1000-memory.dmp	upx
behavioral2/memory/368-634-0x00007FFAE77D0000-0x00007FFAE77DA000-memory.dmp	upx
behavioral2/memory/368-636-0x00007FFAE4D60000-0x00007FFAE4D8E000-memory.dmp	upx
behavioral2/memory/368-637-0x00007FFAD2050000-0x00007FFAD23C7000-memory.dmp	upx
behavioral2/memory/368-638-0x00007FFAE4A70000-0x00007FFAE4B27000-memory.dmp	upx
behavioral2/memory/368-639-0x00007FFAE56B0000-0x00007FFAE56C5000-memory.dmp	upx
behavioral2/memory/368-640-0x00007FFAE7730000-0x00007FFAE773D000-memory.dmp	upx
behavioral2/memory/368-635-0x00007FFAE56D0000-0x00007FFAE56E8000-memory.dmp	upx
behavioral2/memory/368-645-0x00007FFAE4CF0000-0x00007FFAE4CFE000-memory.dmp	upx
behavioral2/memory/368-648-0x00007FFADFBE0000-0x00007FFADFBEE000-memory.dmp	upx
behavioral2/memory/1384-651-0x00007FFAE2B30000-0x00007FFAE2B54000-memory.dmp	upx
behavioral2/memory/1384-650-0x00007FFAE4D00000-0x00007FFAE4D13000-memory.dmp	upx
behavioral2/memory/368-649-0x00007FFAD5C00000-0x00007FFAD5C11000-memory.dmp	upx
behavioral2/memory/368-647-0x00007FFAE47E0000-0x00007FFAE47EF000-memory.dmp	upx
behavioral2/memory/1384-646-0x00007FFAD5C40000-0x00007FFAD5C71000-memory.dmp	upx
behavioral2/memory/1384-644-0x00007FFAE50C0000-0x00007FFAE50CD000-memory.dmp	upx
behavioral2/memory/1384-643-0x00007FFADB840000-0x00007FFADB859000-memory.dmp	upx
behavioral2/memory/1384-642-0x00007FFAE52B0000-0x00007FFAE52BF000-memory.dmp	upx
behavioral2/memory/368-641-0x00007FFAD4000000-0x00007FFAD4118000-memory.dmp	upx
behavioral2/files/0x00060000000232d5-622.dat	upx
behavioral2/files/0x00060000000232c4-621.dat	upx
behavioral2/memory/368-616-0x00007FFAE7740000-0x00007FFAE7758000-memory.dmp	upx
behavioral2/files/0x00060000000232d2-614.dat	upx
behavioral2/memory/368-611-0x00007FFAE90E0000-0x00007FFAE90F3000-memory.dmp	upx
behavioral2/memory/368-653-0x00007FFAE4F70000-0x00007FFAE4F7F000-memory.dmp	upx
behavioral2/memory/368-656-0x00007FFADBEE0000-0x00007FFADBEF0000-memory.dmp	upx
behavioral2/memory/368-657-0x00007FFADB830000-0x00007FFADB840000-memory.dmp	upx
behavioral2/memory/368-658-0x00007FFAD3F90000-0x00007FFAD3FA2000-memory.dmp	upx
behavioral2/memory/368-660-0x00007FFAD3F60000-0x00007FFAD3F70000-memory.dmp	upx
behavioral2/memory/1384-659-0x00007FFAD3F70000-0x00007FFAD3F88000-memory.dmp	upx
behavioral2/memory/368-663-0x00007FFAD3F30000-0x00007FFAD3F3F000-memory.dmp	upx
behavioral2/memory/368-664-0x00007FFAD3F20000-0x00007FFAD3F2E000-memory.dmp	upx
behavioral2/memory/368-667-0x00007FFAD3D00000-0x00007FFAD3D15000-memory.dmp	upx
behavioral2/memory/368-673-0x00007FFAD3BD0000-0x00007FFAD3BEB000-memory.dmp	upx
behavioral2/memory/368-676-0x00007FFAD3BF0000-0x00007FFAD3C04000-memory.dmp	upx
behavioral2/memory/368-694-0x00007FFAD3B90000-0x00007FFAD3BBB000-memory.dmp	upx
behavioral2/memory/1384-733-0x00007FFAD3640000-0x00007FFAD3658000-memory.dmp	upx
behavioral2/memory/1384-755-0x00007FFAD3B80000-0x00007FFAD3B8A000-memory.dmp	upx
behavioral2/memory/1384-732-0x00007FFAD1BA0000-0x00007FFAD1D11000-memory.dmp	upx
behavioral2/memory/1384-682-0x00007FFAD3A90000-0x00007FFAD3AAE000-memory.dmp	upx
behavioral2/memory/368-678-0x00007FFAD1D20000-0x00007FFAD2044000-memory.dmp	upx
behavioral2/memory/1384-760-0x00007FFAD23D0000-0x00007FFAD2834000-memory.dmp	upx
behavioral2/memory/1384-772-0x00007FFAD3610000-0x00007FFAD363E000-memory.dmp	upx
behavioral2/memory/368-675-0x00007FFAD3C90000-0x00007FFAD3CA4000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
101	raw.githubusercontent.com
112	discord.com
115	discord.com
114	discord.com
100	raw.githubusercontent.com
108	discord.com
109	discord.com
111	discord.com
113	discord.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
103	api.ipify.org
104	api.ipify.org
106	api.ipify.org
107	api.ipify.org

Detects Pyinstaller 7 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x00090000000231e5-297.dat	pyinstaller
behavioral2/files/0x000a000000023264-321.dat	pyinstaller
behavioral2/files/0x000a000000023264-324.dat	pyinstaller
behavioral2/files/0x000a000000023264-323.dat	pyinstaller
behavioral2/files/0x000a000000023264-438.dat	pyinstaller
behavioral2/files/0x000a000000023264-512.dat	pyinstaller
behavioral2/files/0x000a000000023264-581.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 674109.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
560	msedge.exe
560	msedge.exe
2540	msedge.exe
2540	msedge.exe
2344	identity_helper.exe
2344	identity_helper.exe
644	msedge.exe
644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 1368	2540	msedge.exe	25
PID 2540 wrote to memory of 1368	2540	msedge.exe	25
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 1612	2540	msedge.exe	91
PID 2540 wrote to memory of 560	2540	msedge.exe	90
PID 2540 wrote to memory of 560	2540	msedge.exe	90
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92
PID 2540 wrote to memory of 4176	2540	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/xXprogtXx1/discord-logger-
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae4a546f8,0x7ffae4a54708,0x7ffae4a54718
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,5660142136767207904,7212766325027244259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:644
- C:\Users\Admin\Downloads\discord logger.exe
  "C:\Users\Admin\Downloads\discord logger.exe"
  2⤵
  - Executes dropped EXE
  PID:4520
- - C:\Users\Admin\AppData\Roaming\BUILT.EXE
    "C:\Users\Admin\AppData\Roaming\BUILT.EXE"
    3⤵
    PID:5024
  - - C:\Users\Admin\AppData\Roaming\BUILT.EXE
      "C:\Users\Admin\AppData\Roaming\BUILT.EXE"
      4⤵
      PID:368
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:2996
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:4800
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:3812
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:5052
- - C:\Users\Admin\AppData\Roaming\STUB.EXE
    "C:\Users\Admin\AppData\Roaming\STUB.EXE"
    3⤵
    PID:4348
- C:\Users\Admin\Downloads\discord logger.exe
  "C:\Users\Admin\Downloads\discord logger.exe"
  2⤵
  PID:644
- - C:\Users\Admin\AppData\Roaming\STUB.EXE
    "C:\Users\Admin\AppData\Roaming\STUB.EXE"
    3⤵
    PID:4188
- - C:\Users\Admin\AppData\Roaming\BUILT.EXE
    "C:\Users\Admin\AppData\Roaming\BUILT.EXE"
    3⤵
    PID:3808
  - - C:\Users\Admin\AppData\Roaming\BUILT.EXE
      "C:\Users\Admin\AppData\Roaming\BUILT.EXE"
      4⤵
      PID:1384
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:1220
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:1332
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:4876
- C:\Users\Admin\Downloads\discord logger.exe
  "C:\Users\Admin\Downloads\discord logger.exe"
  2⤵
  PID:4448
- - C:\Users\Admin\AppData\Roaming\BUILT.EXE
    "C:\Users\Admin\AppData\Roaming\BUILT.EXE"
    3⤵
    PID:1636
  - - C:\Users\Admin\AppData\Roaming\BUILT.EXE
      "C:\Users\Admin\AppData\Roaming\BUILT.EXE"
      4⤵
      PID:4216
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:856
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:5088
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:1892
- - C:\Users\Admin\AppData\Roaming\STUB.EXE
    "C:\Users\Admin\AppData\Roaming\STUB.EXE"
    3⤵
    PID:2352
- C:\Users\Admin\Downloads\discord logger.exe
  "C:\Users\Admin\Downloads\discord logger.exe"
  2⤵
  PID:396
- - C:\Users\Admin\AppData\Roaming\BUILT.EXE
    "C:\Users\Admin\AppData\Roaming\BUILT.EXE"
    3⤵
    PID:948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:496

C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
1⤵
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5fa21265e796bef69517dd7e2c889637

SHA1
8778a7b0416be5251034d692ecb52c5868fa54e8

SHA256
e4a50dc845798d6c4b7530c8ee264f918660739a8936c361b631d286e6e4b08a

SHA512
4563a989bfaa36c269be8bd019e102ef30716d8962a03290589aa9dbaf5aaa770ce7ff7a8aa3d48dd187592d0392ca689e41d30168e965bfa4e4cdaed65ca645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ae3308f5b59634f0543076a845ab98c3

SHA1
6e7dd698bb87eb341aefac0e7701d707e4bb7002

SHA256
da226de24af6fbc8f88e191b90ec4c05915c9c1658a10602d3a2d34b6a3eef45

SHA512
fcdffc939d03e09c9a5fe1f4972eb1aa71253fa377a18c7a8aa43cfeea8f61ed8bb4c96285a3aeee69661a0355ed1d11407f45a67ef1794ae243cd5f29eb3edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
047e72b446be4e90386aa7920a4c51b2

SHA1
68236cd2b8414d4ba94541904daec688ae87a417

SHA256
decbf87b75893e31fbc089554eb39f2ec1fb2b05867f63144e2a694e3ab350e6

SHA512
8c2c18ff5a45a92c27b14fd48757164e41311eb34294eccb85809bfb67ad31a16ff8673ddf860e1ca4cc4121865c26b2d8caaed413fe059ee26fe856950e0791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
546a6fbfe3cec3cbe1c32a69b859155d

SHA1
e9e39d38f241e42b3e8bf581a50e35d2bc5d13be

SHA256
3b31da4616402dbc42de36c7d61378c17bbb14d423db6678d6e8b791da4995d6

SHA512
13f96b3a841b4120124a858ffa809ca5b0da15e10b4323ccc99b0d796ac81edaf6bed2cf7807ff1e1af2597a657a7d666d060b5250ef5ead3faaefea1f4916d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b10a0d9582c942548a8ae890b22b59c

SHA1
4ba7e80f47e9d08ce28de8cce8cd45d19a2033b2

SHA256
83744f7a8e306984734f9352fc4d256c53025438947c282db3cdeb00245aa1da

SHA512
1f688d0ecf53c37b5f1d315c05708954d3ee69cc961a088025645e1445f126780c952d2bf42fc1ee2ff66ac19508385c2fcae54114b3a1cab7ea4868850fb3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c51e784d291d4bae6158833b56671ee0

SHA1
6c8ffeceaea2ca07ea48606f72384fd22ac9c850

SHA256
094af4251fdf8ead3b03431f35b230cb4aea4876f2cf9e5808ace8a3884fcabf

SHA512
b6cbbc24bcc8b96ca5ed731eaaf35ad9f25aba5f98fffb23d4f29885467d8ae344684f0ded998d0aa35990a70e75b1e8f44002a46637840e3b4e2ea081240b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0985100371b33fa35a9ab4a2c1e7fe87

SHA1
ea9196dd871ce0acda3f3c03b931c2b96e0f9932

SHA256
b34ecf61589abf64be4a6e889f41896d70419bdd9d31fb918e63e885297d3495

SHA512
29cb62aa7305a74cb0d4e0bff397c48d8db82c2d60c3e73e68491b9c766b4758160d09f7cffff8fcae80251a41bf663c32bc9f20e8c85d21a1b43194d5e5ecb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8686466fda40e46dea102c22a38b0381

SHA1
42d9bf28d0302e6b5bf6c6a2d50b9c0b9503272d

SHA256
da8b501210356ddc52d2f5a686f2545b52b576c58688efb1e3720534f69b36be

SHA512
d9b815164dfffa80ec902a9f79120b7b89645723e29aad49726539f536e11a7d03259b4a4114eb201f9a4715519cd4de1956ba65963d9a736db13926345c6ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e52b.TMP

Filesize
874B

MD5
77c8c3d86d6e867ca65c2d9878f7212a

SHA1
47d81501ce4c7477b7b2342c5d6c906d16c717d1

SHA256
b7cd564c53b371f7f61d757a5d68893c6a0eada6717822ed0ce6800961c31e06

SHA512
5face5537792b6b5511d3222eaee5c9cddae0ca598eeb9c3372655e50c5e35066f370f14fe0b73762ed45b7ad388822c12bd3a961bd6176ced0b040f5eb4852c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c67033a99a48f8368657c3d9f756712

SHA1
14fdadf612b54375dc1b525c5411c9849aaf709b

SHA256
a99872231ac1074dd05596c862ad7cce1ce925521d3a6cfb71558a407f5dc3a1

SHA512
e708013b130d24f8a2d3bc02179e90e8a054728132fcc983c4ab788273f01d58337ffe419fd531e0afb032958f723c2ec055f11f20eca79daf6a75098c99e842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c8fbbbfcaa16b0490a4047dd21fcec70

SHA1
2cdd427c540bcd27e95832c5c46e57d9e8293822

SHA256
646e7f7f45d246dd402168ad7aa22b3e2bd7595013adaece8db65913188129ef

SHA512
ef93c5c7468fd201661a2ee59cea2192dd6e225b2306edb7bdc6eedcb94e9a1951b525c0d330b88e941de10b72164c8f28c3e2b293214bfcff5f91ad3e734400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a7c1f983ccf7689db4d4c711644c870

SHA1
a1902e7aa8f1185fe0ae45fdf6bebbbcec5b6bae

SHA256
67a1dc90f11b6e32f3679d31f7d0039379169cf0ade31afc2a953b1f52f232dc

SHA512
63b7b210a6d310f3da2cc809d7b506d66e9735d97061708019108405215c7f94124b166d487680b4a9cb3f3889a90c3855935ec313d6bd5324b468fc8085b19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d2119c8983809e66fbb058011cd868c

SHA1
b6d1f1ac2eea224b19a6c5bf5cd4931d1d4ec14b

SHA256
d8b1b3b06d4fb0430fb56642980bcab2bcd36e162ca3eab78ece040f6e0afa1c

SHA512
f22dab5a63eb12af747cf1498387c675341000df6a3c8414f3fbdef08dde54da4a795444c177f78c9371549772f955bbe5eead4dbc8acb85bec843ce0708752d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI38082\python310.dll

Filesize
1.4MB

MD5
99cb804abc9a8f4cb8d08d77e515dcb7

SHA1
0d833cb729f3d5c845491b61b47018c82065f4ad

SHA256
8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

SHA512
43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_bz2.pyd

Filesize
44KB

MD5
ce6c69e1dc84e121705c54ba81459e28

SHA1
24c9d564499874edfa7774aa0d716da768974745

SHA256
fa8b830bef67499cf8e51cb9717faffc297e769c0d971a3bb5e0d5737879380e

SHA512
0059a69ff3435488d9050293d448574a09777bf2eb00bdf92c69a6cd46326b4d965580a51e299919591635b3a04b869f6a261ca425353439943685c983b6bdaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ctypes.pyd

Filesize
18KB

MD5
e355cafa58ff10b702c3209987989391

SHA1
f61c083b8512a7d3247d2ae38759b7ba6b3745bc

SHA256
19d30931360a1b0d78d037433a188c0f98db6170f2b0ea3822b47b06fa079834

SHA512
feb715f3accb5fed30698e0b3afd0526b9aea618b25bc1abb17f9b5154be49beb63613001dd0224f9dfd5daf21c784437c1417ab1153a092dad215617b2b0667

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ctypes.pyd

Filesize
55KB

MD5
91ce50ef25d06d7379719d50fac1f974

SHA1
f3c1485bd346f114976b17bc091025fd8c75c484

SHA256
149cf22c6f31f884690b9d99ca281e4ddcd6518bd5bff16d4ed137c723aaefd7

SHA512
413540a6019c9d23f5be142dedf067ba234fa9d782be1264e4bcb218e1b0b17abdab3f8cf85f4c8e7bcddb6428261120159d916537cbc2613b7bb3397f465092

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_lzma.pyd

Filesize
82KB

MD5
6bbd2fb5f943394b6749e830bf7716bd

SHA1
dc82869d06977364f4a4c684118402a0d12e05a8

SHA256
baa808a714c5c5311996391eea73bb7e33874e3f31a6cc4c245c04c3887d7d59

SHA512
1562f3d3b3faa5338d4f5696524e93710486d86c1e8800b99c58f4153eb126192504c147780d63ffcdb3dfa0eac450979c301c2d769cbeeca5e06a40490a2c66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_socket.pyd

Filesize
39KB

MD5
24c4b33ec1d5734335fa1ac2b0587665

SHA1
1ca34ed614101fd749c48d5244668207c29ea802

SHA256
573bcd6092e1fdf64292d0fb596deff3511fe35d2e310c0d8cc7f62a8a043a52

SHA512
38dc4e3a80682a8b397bc3eb29f813f39ff4de28c660ce7cc67c30e7789c0a2c3064f4c88e3978931cb3af54bae82b7874c4cee61ff09f4d14a4498297caa1f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_sqlite3.pyd

Filesize
46KB

MD5
a0b4c0744b309d3a2133a8ecff74a5e4

SHA1
d9478b5d8f0cf1d729c5adec5bc25cdddd3f34cf

SHA256
2dbbf2316f41643cc51fdf9ed3eff95707369817e163d9765a9eb527a572b2ea

SHA512
8cb40ef2060d2506c660661e16b8ed38cf1d52f359fa9fdd86882bdcd34cb433e4eb31a0fd11de08ef9081ac4d346a91296357fd3bd30bfd8f451558e388f0dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ssl.pyd

Filesize
36KB

MD5
191ea3c15881b23b3154f9eb21699ee0

SHA1
34d4ec2b5d23046acf379996e5ed45621f472886

SHA256
ca799c4fbe2b352d32bfc4b9084a478ba64162e691e2d45d725c03372c4aa97d

SHA512
01e5280d3a00e732e2180d38edde42b46d21b478d173ef58da39551859282ce67e6294b6441d996808b16e21fcee7200bd93ff279b2070f005c0d7d611f6f733

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_ssl.pyd

Filesize
59KB

MD5
087f6076c03f82e72c4dec3a13fcd415

SHA1
4047aaec4602a24d38ec055fa7e22eb24d31dfd2

SHA256
2a6f63c9a94fdf845416e5c60cead86632ac6fc132171ced9b2cd906fbb3b491

SHA512
52ee4849a286fe66fab35eb30f481df5527a9406ff30511eca05397a008c83ff2d90f5c2e897bb51a5f8546079e90310fbb4326f663cbbdb0ed55706d288bde5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\_uuid.pyd

Filesize
20KB

MD5
1b1f04c730d1246fd769eeba84ef1e28

SHA1
6aa1202e461159954def1e93b90fc472cb2ddbde

SHA256
78859d62bf5d58d3b678d6928ffc0a9416b54e451d711df3a2c869bd88aebfb4

SHA512
1fd7bb9ab597ee3f619159ae1fcd9f79b2d569c01a65605d1939eb81e5ea50acdad748c9b24ccbb37d4e7bfbc2bcd739dea3f530a82191e15bc4dadb04b0c603

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\base_library.zip

Filesize
812KB

MD5
66a3b1b76ffa9e8647dce5423422f7c1

SHA1
63b9f1b9ac9f9adc0180824bb3ceea11650a13a7

SHA256
de5824d7a62ff80b46f5d81281f609aee71cea0ffd0e04ccceedc345d239d17c

SHA512
ca1c3202937a302c1a7b1af5143f872c79281f0462e1861fdaadddbf8b709b5c4147052be68ce45e9745ca0354b0342ee95aa4a4f02c80b6d6c49eec7a08f5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\libffi-7.dll

Filesize
21KB

MD5
415722c4bb22a9245387ac2e9df829ce

SHA1
f858cdb56831d4ba530d5a0d392bcd8ddea96828

SHA256
52c50c1c9ae399d2952bfbfdcec13b54488a0cdba8755ff9d46a1932467a312b

SHA512
737ce49a21959fceebfcc4a13b521af7624da9d3b092135de56d0e79432d9c6848dfe15109a4df6da8e272ef63a251de44beb0d377ac2cae8acfb7ce55940328

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\psutil\_psutil_windows.cp310-win_amd64.pyd

Filesize
31KB

MD5
773df6d6f7581be635f92d34c53c8c3c

SHA1
0c7168376320d52abb675961a273c97e933c17d5

SHA256
1144c5adf186a49c1394e20fee24e174fe4b79c2b068d6fa07979e3f2f541e0f

SHA512
b1a6b939e5d37c55b83b2a0c0d6fb276ad4e3428da0caf36d2aadc08ae5a6bf5d5b5761b7b8c6adca7eefaa96a6b95980b76f497378f3f5d25d27f8ef67e8b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\python310.dll

Filesize
399KB

MD5
f1165f666c21cc7eba37947b716179b3

SHA1
acdf5f19c9e3e8333b5fb6ab2951d2d974d81d0c

SHA256
f554e1cd5d20e9ae9eefd274f1cf1dbf1b054eb4b7093074b3c1adc43b4c8bc5

SHA512
3dcded70189c171dc95d69d51495c8760d485b104688d624a4ed025dddad5d7369e028b6d975c0073f33e526897bd91f2053da89dd23f310c6690743ed013a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\python310.dll

Filesize
435KB

MD5
0341730ee4129064a87994bdd15e0cc9

SHA1
b8ff72188024b3495f9a52a9f4d35becc9337013

SHA256
66ec9f85a30a0308fc778115ae0da6b3376b0b373707f13b9ae6d45d8fd82467

SHA512
e1fbd04ecfbc4f34a2a63be728d5252b7ace761d4144edf4fad4d7a69143f53d8eea5d882c5995853dcee175f76026c4e5b20d85aebb7e23a1802279566f4f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\pythoncom310.dll

Filesize
194KB

MD5
d1da691fc576f23ed1873c21cd9fa394

SHA1
af29a11f723b82ad5346048f7803ab31013b561b

SHA256
36ebf27c3dd1efb6c5b726008588b142ce0f29e7057bac6826218ecca961e6ad

SHA512
eab588a5aa5febbdfd26cc100a33126dc634edad10d5afa2d96e970d974d42cc7b7dd806e7a46849a05dcf29f4048bb61f04acae7ffb78ee6fefbea3c899f361

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\pywintypes310.dll

Filesize
64KB

MD5
4e27c88594108343530e208f146fde70

SHA1
572727547b3c9b7a3b45d6f9345c56b81900798e

SHA256
8f9cc8363f74fd2cc1bfa75779efe593973dba9d1b607f6eb6ccd121e3c3ea1e

SHA512
64f400419192ddd1ec3e0a383bf0060772e6d173299b8425cc5f4b3535a5aebc28e91ffbfe022ad9c7380797283cc634656c8162c28f1b243cf738d08ab9d0ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\select.pyd

Filesize
22KB

MD5
49ee6cb0cde78c412eb768564daff37d

SHA1
63dd316a30498ea1f984726d8c07fed5d050d8a9

SHA256
f2bd7fdf7236505e97f8e550c2c4aa60f22cc1917169bcf841b73118debbb89b

SHA512
fbfed68a17132de85ec44810817a79db3f6e7c0b15f48a289d6816d98928c8f40876a2ebb815ff97bd4829103b6f6195d89b4a9c5a039d5afdd89f29c663847b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\sqlite3.dll

Filesize
460KB

MD5
b5c93df7a528aa739e9d75c14623b99b

SHA1
2858a57cc202697a3b79d353841cf3f5d1532e09

SHA256
3081340833c92eff1b5537fa896cb7d25a7a649cb7f7cee096049b58f8563d93

SHA512
b1da954ffaa1f2e64a21447d7e66984f2f12d772338226687cc42f49548e3623bc2dfe95012ef25c84a1a11f8ebc920e79c778004da02ad759f31a912a65b095

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\sqlite3.dll

Filesize
106KB

MD5
b5e9cd9768a12e93515c631982849149

SHA1
a4d8de210bc3388838fdcd607d4bd468962630eb

SHA256
dd3a2fb7150fe8cbf6982c4786b9ad27652aef6bfb48419de4a591e2544e268c

SHA512
39d1d63aef568fa610b9db94b8247b2e2c93e3817bff420b547aa02e132122e95f0407ed0692079d5e8a8e0527bfc8dc2a5454c61389b50fb80a81ac8b1bd3a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\tinyaes.cp310-win_amd64.pyd

Filesize
21KB

MD5
af5e3a7771a7e58c1553778a89bb4b9d

SHA1
dbb44cb54e90dbfc8cd92882275c78aba2ad2de8

SHA256
548df00f2fbdbdd2e031754a604c8b0ed5133b563020bc003fb86af3f2096133

SHA512
631d81b2d9e7a3734d23682a5a3427a189c4299e8744edbcb727708e53a22e9622499515839718ff2bfc241601b860cf53b4562771c978caaec07ac9e549d985

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50242\win32api.pyd

Filesize
48KB

MD5
7bca1d0e1e893e5c88574690fedd4433

SHA1
d8b81d053d90798f70ab7efa9b8247e26416a2b5

SHA256
42cc902c9f98561ebdacfa20a8cdc82146a66bf98944fdb830e0ac57c049f665

SHA512
8c9bd1f42f7ddf46ae948acbd65e0651676fad9eb6247ce9b67c2563a60de8344c5d867ea44e2179b9ad7ae4dbc71c71b3c5e24b8167f9120086428b8e46f010

Download Submit
C:\Users\Admin\AppData\Roaming\BUILT.EXE

Filesize
381KB

MD5
29a634197b2a2dde5e7a683a50602853

SHA1
3e0d7fe19744436d55dc415323c90b4292748951

SHA256
0f2d6e3c8b570f6047dcc19daa660c47161853da09c601db5469d0d3ecca912f

SHA512
64afc1e6ebf46b80d39066b1a22152fbdb86cd1462a7f8d859e0ba2cffa5aae19ce5681918a063ec3d740cca655d13cad42b22eb5de93a2c4240d648245ad1c9

Download Submit
C:\Users\Admin\AppData\Roaming\BUILT.EXE

Filesize
515KB

MD5
d0432d0a3c8c77e43d9413b0bc081e2f

SHA1
98003ea90eb5352c676db3f066be72bfd16436da

SHA256
9462366a505fe93c91a7a6d7da6c12c3a64f7dec0074be7e90f8f360e61802fc

SHA512
b524c30f1d53f21b5bafc76e3b187cb07cb152d0ef511403ab51c5f57e2f30c106226ccdc0b0093d4cd3cd68d2b5eb9c82aff9444d22dcd62d542aab1d360fc5

Download Submit
C:\Users\Admin\AppData\Roaming\BUILT.EXE

Filesize
503KB

MD5
046ea0fb5b848d08d18c18581ef1f5e8

SHA1
c4504ce19f3385e7aeaebb27edcd31aca8cc9c63

SHA256
1670423517a8273f68192f6a83ad54304e47a5d39dce32e85166ad1cfb76be9f

SHA512
6aa98a9e2a1961817076bea60c238ea5f05dca30d634e3220cb5ca8e9781482b8ef2860aa7027b6ea3eb818fbe9b52252fb921d35f7cd286afb2e47850fcd89d

Download Submit
C:\Users\Admin\AppData\Roaming\BUILT.EXE

Filesize
461KB

MD5
a554417f0466551ddda3cbb7d6ad3548

SHA1
6c27dbdf379ddb0d7fa1e0d0e2d0583b85a113ee

SHA256
09bc2d71024788c7a95abb86efc19c69baa69aea37d32f065aa08aef847a3cc1

SHA512
3c3c51209719bba199a1b138e03d43662781fa552e853d887b176965736ce505d6f0f6f92c61ebcab18291a6c071b3a2d888fab8889cdd9ef5eb5df717428d4d

Download Submit
C:\Users\Admin\AppData\Roaming\BUILT.EXE

Filesize
458KB

MD5
edd7c3b61616881232a0bb454b4879ae

SHA1
95288bee932dbc7879b970490d28b68fa85e30bb

SHA256
599905d6593a433f0059d70d88cbb8e13c98eda015ac1e77d2ce110050bc9008

SHA512
555c2d86d8da58a4f4f387de74abda0003f2e2816c0fec64956422a70cbcff87ba9b97074879b274a9af16b66bce661caaf69d582945ce7502452cab2a0fa6ed

Download Submit
C:\Users\Admin\AppData\Roaming\BUILT.EXE

Filesize
36KB

MD5
52b922a2769431425bc02c9a15af3cc7

SHA1
1efbd734ab85afcef7a6f988f45c7a12556ab92f

SHA256
331e27765d43ef40968961b3215e8cb44730e361575199978c4032ce00b740b1

SHA512
35db94444649f88906920a8edb1901d29f18affe4e7f8c133493bf97950f4b4379802a2c542bbabdebf9739c42314e1d84417809a65f312fd48e1323cffd7464

Download Submit
C:\Users\Admin\AppData\Roaming\STUB.EXE

Filesize
160KB

MD5
6d4c7665a0598e202f76ab1ffcef322d

SHA1
837c98fc6a1d64b84f55d311fe74f19c76295199

SHA256
bd5a5604c5f826b9ad2db9e6bca4f30727a41043c3a8648304e771612d92a68f

SHA512
a7275f28865c8755eee3d20dfc712a07c392e5b24baebb84a90170728bb96447fe160ffa59b9254c05501f80e154bd2d44cf814be85f2ea6f42aacf32952abf2

Download Submit
C:\Users\Admin\AppData\Roaming\STUB.EXE

Filesize
346KB

MD5
5d9923742ac96f0eecaf88b2f62aa8f0

SHA1
bdcfb04d6b516026397508742c49f107ff25aa17

SHA256
d5ab5aea1c7013580aa1ad064bac714d519826432a6e23853e70d4c526330ae9

SHA512
ca03ea2d9b46534769b6bd103e35bbee26febdf0b5972c443ea2892f6644eca1c122ac4e945f2783b62ae656e9d20f14c76e89f11bfce09cdacabe17d87a7955

Download Submit
C:\Users\Admin\AppData\Roaming\STUB.EXE

Filesize
299KB

MD5
30177dca15085dd6a333b279aa3d5f43

SHA1
31ba211580dcd849d1a20c3a51107a7f86f93781

SHA256
6f656b5b2d92e3159df3d64ee0bd683923fa48e2a3f4034e5c28f87cd38d6e63

SHA512
18377f391575d4c54b163c1c76173173d5662bb44bf580f291ac9bafe2dda705e991b9fc1055160b04a59bf4e3f03a444f82878f79003fb609238604242e5e98

Download Submit
C:\Users\Admin\AppData\Roaming\STUB.EXE

Filesize
604KB

MD5
3a3b01a40393318562ecafd10d686060

SHA1
e44b45d5600aa7e75aca26ebebd50e9232d80b42

SHA256
d64bb14d68660b9f501bfdea75a6f67ce797b14260a2c0df8d08a0c53ee99f1e

SHA512
ec139f20fe2394183064229b03fa047086cfe656f46b2bff220aa1e3ccc0653a9055d82841cf23ff9240f8f0fcfb8e6daa2f92e570ba20aae97f8c48ae8e7060

Download Submit
C:\Users\Admin\Downloads\Loginvault.db

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\Downloads\Loginvault.db

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\Downloads\Loginvault.db

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 674109.crdownload

Filesize
22.5MB

MD5
5f0555a10263f383467a920d22febeed

SHA1
0e4b694afc583d51148fe1368516b4345eeb816a

SHA256
be3d815c8d513afdf55476fe42678549fdc65ea00a77fc8c7ba7c18b374d9723

SHA512
b1703db887aaaae3578de96d3de0a6510e071495c0266c88e464a9dd4248f60884b1a6eb92d3a7b6b81265fc1447096a04fd075b8fe2d1f5fcd463c7ddb588a3

Download Submit
C:\Users\Admin\Downloads\discord logger.exe

Filesize
6.9MB

MD5
cc601694d2eb05f67c8f43650ca9f0e2

SHA1
c6bcccc9808cf5d2839bc509d60bb3daa4669c8d

SHA256
58bdf2809b4866d991883acd0ad3d8108191e44027904e0db23444c1c473abe0

SHA512
0409687e08c4c9aa04d049ac0ec8e5bd8914d1ec0320caf9f75f82e614133ae2c013e1bf3757983a51bbd132ffa15241fb49ff7f2f1f48be81f4a7b29cfa8689

Download Submit
C:\Users\Admin\Downloads\discord logger.exe

Filesize
4.9MB

MD5
995cc1ee03e46a050cd57f8576650736

SHA1
bac41a90b43a512cc69bf1dcb89586172956d3c4

SHA256
6d85c221d0c00986e71beb37a03047a0a7c32e1a77a612fcac42f10d2e07d568

SHA512
1bd2f9940bcaa192aebe263da54fd750e9c7440558f8c56866a1c9f11c454d1424844c2509a2a7a3e05150de73c7c5f940b3bc03ccbf016a51c20b6a2171c470

Download Submit
C:\Users\Admin\Downloads\discord logger.exe

Filesize
618KB

MD5
e631dc5d7d19c8f3c10d9fd09a3e5966

SHA1
8333c6b7913df2e0f10ce4c69368f79e6389e944

SHA256
27ab6f85225043db4f0ba1e1a69bc3dee7c45061085b4893ff4cbe934735f75c

SHA512
6fcd1ba320a8973a3d46549c19de98666b11e9812fe4f16439244e02e4d16cab90412c093be2147f29700aa6ac40e57a6a18e1047616f720116c194bca14d1a5

Download Submit
C:\Users\Admin\Downloads\screenshot.png

Filesize
79KB

MD5
3bf4b90360c94684794e20bc13fa9a0f

SHA1
09a97591d5f408fcf613f9c79a60aff5bde77c74

SHA256
df1f201c99aa848080f52b7d491fbe49eb3c79c4bc60b77a066dc0139896f9c4

SHA512
6aa1c2e842fe9faa99229e2749505dd06002c8faf8c83e93031977b403d11f26d8337c13db17591f06dc2e02b86fd43ad02b244eaf362bc3f8a92835c33c4255

Download Submit
memory/368-987-0x00007FFAD3F90000-0x00007FFAD3FA2000-memory.dmp

Filesize
72KB

Download
memory/368-988-0x00007FFAD3F60000-0x00007FFAD3F70000-memory.dmp

Filesize
64KB

Download
memory/368-635-0x00007FFAE56D0000-0x00007FFAE56E8000-memory.dmp

Filesize
96KB

Download
memory/368-645-0x00007FFAE4CF0000-0x00007FFAE4CFE000-memory.dmp

Filesize
56KB

Download
memory/368-648-0x00007FFADFBE0000-0x00007FFADFBEE000-memory.dmp

Filesize
56KB

Download
memory/368-639-0x00007FFAE56B0000-0x00007FFAE56C5000-memory.dmp

Filesize
84KB

Download
memory/368-958-0x00007FFAD2840000-0x00007FFAD2CA4000-memory.dmp

Filesize
4.4MB

Download
memory/368-649-0x00007FFAD5C00000-0x00007FFAD5C11000-memory.dmp

Filesize
68KB

Download
memory/368-647-0x00007FFAE47E0000-0x00007FFAE47EF000-memory.dmp

Filesize
60KB

Download
memory/368-960-0x00007FFAE90B0000-0x00007FFAE90D4000-memory.dmp

Filesize
144KB

Download
memory/368-964-0x00007FFAE8ED0000-0x00007FFAE8F01000-memory.dmp

Filesize
196KB

Download
memory/368-617-0x00007FFAE5E90000-0x00007FFAE5EBC000-memory.dmp

Filesize
176KB

Download
memory/368-984-0x00007FFADE020000-0x00007FFADE02F000-memory.dmp

Filesize
60KB

Download
memory/368-641-0x00007FFAD4000000-0x00007FFAD4118000-memory.dmp

Filesize
1.1MB

Download
memory/368-986-0x00007FFADB830000-0x00007FFADB840000-memory.dmp

Filesize
64KB

Download
memory/368-638-0x00007FFAE4A70000-0x00007FFAE4B27000-memory.dmp

Filesize
732KB

Download
memory/368-616-0x00007FFAE7740000-0x00007FFAE7758000-memory.dmp

Filesize
96KB

Download
memory/368-637-0x00007FFAD2050000-0x00007FFAD23C7000-memory.dmp

Filesize
3.5MB

Download
memory/368-611-0x00007FFAE90E0000-0x00007FFAE90F3000-memory.dmp

Filesize
76KB

Download
memory/368-653-0x00007FFAE4F70000-0x00007FFAE4F7F000-memory.dmp

Filesize
60KB

Download
memory/368-656-0x00007FFADBEE0000-0x00007FFADBEF0000-memory.dmp

Filesize
64KB

Download
memory/368-657-0x00007FFADB830000-0x00007FFADB840000-memory.dmp

Filesize
64KB

Download
memory/368-658-0x00007FFAD3F90000-0x00007FFAD3FA2000-memory.dmp

Filesize
72KB

Download
memory/368-660-0x00007FFAD3F60000-0x00007FFAD3F70000-memory.dmp

Filesize
64KB

Download
memory/368-636-0x00007FFAE4D60000-0x00007FFAE4D8E000-memory.dmp

Filesize
184KB

Download
memory/368-663-0x00007FFAD3F30000-0x00007FFAD3F3F000-memory.dmp

Filesize
60KB

Download
memory/368-664-0x00007FFAD3F20000-0x00007FFAD3F2E000-memory.dmp

Filesize
56KB

Download
memory/368-667-0x00007FFAD3D00000-0x00007FFAD3D15000-memory.dmp

Filesize
84KB

Download
memory/368-673-0x00007FFAD3BD0000-0x00007FFAD3BEB000-memory.dmp

Filesize
108KB

Download
memory/368-676-0x00007FFAD3BF0000-0x00007FFAD3C04000-memory.dmp

Filesize
80KB

Download
memory/368-694-0x00007FFAD3B90000-0x00007FFAD3BBB000-memory.dmp

Filesize
172KB

Download
memory/368-640-0x00007FFAE7730000-0x00007FFAE773D000-memory.dmp

Filesize
52KB

Download
memory/368-991-0x00007FFAD3F30000-0x00007FFAD3F3F000-memory.dmp

Filesize
60KB

Download
memory/368-990-0x00007FFAD3F40000-0x00007FFAD3F4E000-memory.dmp

Filesize
56KB

Download
memory/368-992-0x00007FFAD3F20000-0x00007FFAD3F2E000-memory.dmp

Filesize
56KB

Download
memory/368-993-0x00007FFAD3F10000-0x00007FFAD3F1E000-memory.dmp

Filesize
56KB

Download
memory/368-678-0x00007FFAD1D20000-0x00007FFAD2044000-memory.dmp

Filesize
3.1MB

Download
memory/368-994-0x00007FFAD3D20000-0x00007FFAD3D31000-memory.dmp

Filesize
68KB

Download
memory/368-995-0x00007FFAD3D00000-0x00007FFAD3D15000-memory.dmp

Filesize
84KB

Download
memory/368-996-0x00007FFAD3CE0000-0x00007FFAD3CF1000-memory.dmp

Filesize
68KB

Download
memory/368-675-0x00007FFAD3C90000-0x00007FFAD3CA4000-memory.dmp

Filesize
80KB

Download
memory/368-674-0x00007FFADE020000-0x00007FFADE02F000-memory.dmp

Filesize
60KB

Download
memory/368-968-0x00007FFAE50D0000-0x00007FFAE5191000-memory.dmp

Filesize
772KB

Download
memory/368-671-0x00007FFAD3F00000-0x00007FFAD3F10000-memory.dmp

Filesize
64KB

Download
memory/368-969-0x00007FFAE5E70000-0x00007FFAE5E8E000-memory.dmp

Filesize
120KB

Download
memory/368-970-0x00007FFAE4B30000-0x00007FFAE4CA1000-memory.dmp

Filesize
1.4MB

Download
memory/368-668-0x00007FFAD3CE0000-0x00007FFAD3CF1000-memory.dmp

Filesize
68KB

Download
memory/368-666-0x00007FFAD3D20000-0x00007FFAD3D31000-memory.dmp

Filesize
68KB

Download
memory/368-665-0x00007FFAD3F10000-0x00007FFAD3F1E000-memory.dmp

Filesize
56KB

Download
memory/368-662-0x00007FFAD3F40000-0x00007FFAD3F4E000-memory.dmp

Filesize
56KB

Download
memory/368-661-0x00007FFAD3F50000-0x00007FFAD3F5F000-memory.dmp

Filesize
60KB

Download
memory/368-634-0x00007FFAE77D0000-0x00007FFAE77DA000-memory.dmp

Filesize
40KB

Download
memory/368-633-0x00007FFAE4B30000-0x00007FFAE4CA1000-memory.dmp

Filesize
1.4MB

Download
memory/368-605-0x00007FFAE9080000-0x00007FFAE908D000-memory.dmp

Filesize
52KB

Download
memory/368-630-0x00007FFAE5E70000-0x00007FFAE5E8E000-memory.dmp

Filesize
120KB

Download
memory/368-544-0x00007FFAD2840000-0x00007FFAD2CA4000-memory.dmp

Filesize
4.4MB

Download
memory/368-596-0x00007FFAEA1E0000-0x00007FFAEA1EF000-memory.dmp

Filesize
60KB

Download
memory/368-594-0x00007FFAE90B0000-0x00007FFAE90D4000-memory.dmp

Filesize
144KB

Download
memory/368-607-0x00007FFAE8ED0000-0x00007FFAE8F01000-memory.dmp

Filesize
196KB

Download
memory/368-615-0x00007FFAE9090000-0x00007FFAE90A9000-memory.dmp

Filesize
100KB

Download
memory/368-619-0x00007FFAE56F0000-0x00007FFAE571C000-memory.dmp

Filesize
176KB

Download
memory/368-618-0x00007FFAE50D0000-0x00007FFAE5191000-memory.dmp

Filesize
772KB

Download
memory/1384-643-0x00007FFADB840000-0x00007FFADB859000-memory.dmp

Filesize
100KB

Download
memory/1384-1003-0x00007FFAD23D0000-0x00007FFAD2834000-memory.dmp

Filesize
4.4MB

Download
memory/1384-651-0x00007FFAE2B30000-0x00007FFAE2B54000-memory.dmp

Filesize
144KB

Download
memory/1384-650-0x00007FFAE4D00000-0x00007FFAE4D13000-memory.dmp

Filesize
76KB

Download
memory/1384-669-0x00007FFAD3CB0000-0x00007FFAD3CDC000-memory.dmp

Filesize
176KB

Download
memory/1384-670-0x00007FFAD3C10000-0x00007FFAD3C3C000-memory.dmp

Filesize
176KB

Download
memory/1384-672-0x00007FFAD3660000-0x00007FFAD3721000-memory.dmp

Filesize
772KB

Download
memory/1384-646-0x00007FFAD5C40000-0x00007FFAD5C71000-memory.dmp

Filesize
196KB

Download
memory/1384-772-0x00007FFAD3610000-0x00007FFAD363E000-memory.dmp

Filesize
184KB

Download
memory/1384-1009-0x00007FFAD5C40000-0x00007FFAD5C71000-memory.dmp

Filesize
196KB

Download
memory/1384-1015-0x00007FFAD1BA0000-0x00007FFAD1D11000-memory.dmp

Filesize
1.4MB

Download
memory/1384-1018-0x00007FFAD3610000-0x00007FFAD363E000-memory.dmp

Filesize
184KB

Download
memory/1384-1014-0x00007FFAD3A90000-0x00007FFAD3AAE000-memory.dmp

Filesize
120KB

Download
memory/1384-1013-0x00007FFAD3660000-0x00007FFAD3721000-memory.dmp

Filesize
772KB

Download
memory/1384-1005-0x00007FFAE2B30000-0x00007FFAE2B54000-memory.dmp

Filesize
144KB

Download
memory/1384-592-0x00007FFAD23D0000-0x00007FFAD2834000-memory.dmp

Filesize
4.4MB

Download
memory/1384-760-0x00007FFAD23D0000-0x00007FFAD2834000-memory.dmp

Filesize
4.4MB

Download
memory/1384-682-0x00007FFAD3A90000-0x00007FFAD3AAE000-memory.dmp

Filesize
120KB

Download
memory/1384-732-0x00007FFAD1BA0000-0x00007FFAD1D11000-memory.dmp

Filesize
1.4MB

Download
memory/1384-755-0x00007FFAD3B80000-0x00007FFAD3B8A000-memory.dmp

Filesize
40KB

Download
memory/1384-733-0x00007FFAD3640000-0x00007FFAD3658000-memory.dmp

Filesize
96KB

Download
memory/1384-644-0x00007FFAE50C0000-0x00007FFAE50CD000-memory.dmp

Filesize
52KB

Download
memory/1384-659-0x00007FFAD3F70000-0x00007FFAD3F88000-memory.dmp

Filesize
96KB

Download
memory/1384-642-0x00007FFAE52B0000-0x00007FFAE52BF000-memory.dmp

Filesize
60KB

Download
memory/2352-707-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/4188-440-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/4348-677-0x00000000748E0000-0x0000000074919000-memory.dmp

Filesize
228KB

Download
memory/4348-652-0x00000000748C0000-0x00000000748F9000-memory.dmp

Filesize
228KB

Download
memory/4348-362-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download