exelastealer | hxxps://cdn[.]discordapp[.]com/attachments/940386505321484388/1255676757592506458/Electron_V3[.]rar?ex=667dff9c&is=667cae1c&hm=f426db7ec8bf91f26d8a0029837a051be5784f88d6109e13f6a39f5242783881&

Analysis

max time kernel
224s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/940386505321484388/1255676757592506458/Electron_V3.rar?ex=667dff9c&is=667cae1c&hm=f426db7ec8bf91f26d8a0029837a051be5784f88d6109e13f6a39f5242783881&

Score

10^/10

exelastealer defense_evasion evasion persistence privilege_escalation pyinstaller spyware stealer upx

Malware Config

Signatures

Exela Stealer
Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.
stealer exelastealer
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098

Modifies Windows Firewall 2 TTPs 6 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
116	netsh.exe
2464	netsh.exe
3664	netsh.exe
2832	netsh.exe
2624	netsh.exe
3192	netsh.exe

Executes dropped EXE 6 IoCs

pid	Process
4668	ElectronV3.exe
1336	ElectronV3.exe
3432	ElectronV3.exe
1404	ElectronV3.exe
3196	ElectronV3.exe
2152	ElectronV3.exe

Loads dropped DLL 64 IoCs

pid	Process
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1336	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
1404	ElectronV3.exe
2152	ElectronV3.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023454-115.dat	upx
behavioral1/memory/1336-119-0x00007FFB9B750000-0x00007FFB9BBB5000-memory.dmp	upx
behavioral1/files/0x0007000000023426-121.dat	upx
behavioral1/memory/1336-127-0x00007FFBAF220000-0x00007FFBAF244000-memory.dmp	upx
behavioral1/files/0x000700000002344e-128.dat	upx
behavioral1/files/0x000700000002342a-142.dat	upx
behavioral1/files/0x0007000000023429-141.dat	upx
behavioral1/memory/1336-140-0x00007FFBAF8E0000-0x00007FFBAF8EF000-memory.dmp	upx
behavioral1/files/0x0007000000023428-139.dat	upx
behavioral1/files/0x0007000000023430-148.dat	upx
behavioral1/files/0x000700000002342f-147.dat	upx
behavioral1/files/0x000700000002342e-146.dat	upx
behavioral1/files/0x000700000002342d-145.dat	upx
behavioral1/memory/1336-150-0x00007FFB9B730000-0x00007FFB9B749000-memory.dmp	upx
behavioral1/files/0x0007000000023455-151.dat	upx
behavioral1/memory/1336-152-0x00007FFBAF780000-0x00007FFBAF78D000-memory.dmp	upx
behavioral1/files/0x000700000002342b-143.dat	upx
behavioral1/files/0x0007000000023424-153.dat	upx
behavioral1/files/0x000700000002342c-144.dat	upx
behavioral1/memory/1336-156-0x00007FFB9B6E0000-0x00007FFB9B70C000-memory.dmp	upx
behavioral1/memory/1336-155-0x00007FFB9B710000-0x00007FFB9B729000-memory.dmp	upx
behavioral1/files/0x0007000000023427-138.dat	upx
behavioral1/files/0x0007000000023425-137.dat	upx
behavioral1/files/0x0007000000023423-135.dat	upx
behavioral1/files/0x0007000000023457-134.dat	upx
behavioral1/memory/1336-158-0x00007FFB9B6C0000-0x00007FFB9B6DE000-memory.dmp	upx
behavioral1/files/0x0007000000023456-159.dat	upx
behavioral1/files/0x0007000000023452-131.dat	upx
behavioral1/files/0x000700000002344f-130.dat	upx
behavioral1/files/0x000700000002344d-129.dat	upx
behavioral1/memory/1336-160-0x00007FFB9B550000-0x00007FFB9B6BD000-memory.dmp	upx
behavioral1/memory/1336-166-0x00007FFB9B460000-0x00007FFB9B516000-memory.dmp	upx
behavioral1/memory/1336-167-0x00007FFB9B0E0000-0x00007FFB9B454000-memory.dmp	upx
behavioral1/files/0x0007000000023451-172.dat	upx
behavioral1/memory/1336-179-0x00007FFBAF220000-0x00007FFBAF244000-memory.dmp	upx
behavioral1/files/0x0007000000023459-182.dat	upx
behavioral1/memory/1336-184-0x00007FFB9AF30000-0x00007FFB9AF52000-memory.dmp	upx
behavioral1/memory/1336-183-0x00007FFB9AF60000-0x00007FFB9B078000-memory.dmp	upx
behavioral1/memory/1336-178-0x00007FFB9B080000-0x00007FFB9B095000-memory.dmp	upx
behavioral1/memory/1336-177-0x00007FFB9B0A0000-0x00007FFB9B0B4000-memory.dmp	upx
behavioral1/memory/1336-176-0x00007FFBAF720000-0x00007FFBAF730000-memory.dmp	upx
behavioral1/memory/1336-175-0x00007FFB9B0C0000-0x00007FFB9B0D4000-memory.dmp	upx
behavioral1/memory/1336-174-0x00007FFB9B750000-0x00007FFB9BBB5000-memory.dmp	upx
behavioral1/memory/1336-162-0x00007FFB9B520000-0x00007FFB9B54E000-memory.dmp	upx
behavioral1/files/0x0007000000023432-186.dat	upx
behavioral1/files/0x0007000000023434-190.dat	upx
behavioral1/files/0x0007000000023433-191.dat	upx
behavioral1/memory/1336-193-0x00007FFB9CF60000-0x00007FFB9CFA9000-memory.dmp	upx
behavioral1/memory/1336-192-0x00007FFBAF480000-0x00007FFBAF499000-memory.dmp	upx
behavioral1/memory/1336-189-0x00007FFBAF4A0000-0x00007FFBAF4B7000-memory.dmp	upx
behavioral1/memory/1336-197-0x00007FFB9CF40000-0x00007FFB9CF5E000-memory.dmp	upx
behavioral1/memory/1336-196-0x00007FFBAF6F0000-0x00007FFBAF6FA000-memory.dmp	upx
behavioral1/memory/1336-195-0x00007FFBA08F0000-0x00007FFBA0901000-memory.dmp	upx
behavioral1/memory/1336-198-0x00007FFB9B6C0000-0x00007FFB9B6DE000-memory.dmp	upx
behavioral1/memory/1336-194-0x00007FFB9B6E0000-0x00007FFB9B70C000-memory.dmp	upx
behavioral1/memory/1336-199-0x00007FFB9C840000-0x00007FFB9CF32000-memory.dmp	upx
behavioral1/memory/1336-187-0x00007FFB9B730000-0x00007FFB9B749000-memory.dmp	upx
behavioral1/memory/1336-201-0x00007FFB9C800000-0x00007FFB9C838000-memory.dmp	upx
behavioral1/memory/1336-200-0x00007FFB9B550000-0x00007FFB9B6BD000-memory.dmp	upx
behavioral1/memory/1336-224-0x00007FFB9B520000-0x00007FFB9B54E000-memory.dmp	upx
behavioral1/memory/1336-258-0x00007FFB9B460000-0x00007FFB9B516000-memory.dmp	upx
behavioral1/memory/1336-259-0x00007FFB9B0E0000-0x00007FFB9B454000-memory.dmp	upx
behavioral1/memory/1336-261-0x00007FFBB3D30000-0x00007FFBB3D3D000-memory.dmp	upx
behavioral1/memory/1336-278-0x00007FFB9B0C0000-0x00007FFB9B0D4000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs

Web Service

T1102

flow	ioc
50	discord.com
51	discord.com
52	discord.com
54	discord.com
198	discord.com
200	discord.com
55	discord.com
168	discord.com
169	discord.com
199	discord.com
201	discord.com
56	discord.com
170	discord.com
171	discord.com
172	discord.com
197	discord.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
30	ip-api.com
166	ip-api.com
195	ip-api.com

Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
4364	cmd.exe

Launches sc.exe 3 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2276	sc.exe
3392	sc.exe
1492	sc.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0007000000023418-67.dat	pyinstaller

Event Triggered Execution: Netsh Helper DLL 1 TTPs 27 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Collects information from the system 1 TTPs 3 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
4704	WMIC.exe
2816	WMIC.exe
4440	WMIC.exe

Detects videocard installed 1 TTPs 3 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
4872	WMIC.exe
4652	WMIC.exe
2212	WMIC.exe

Enumerates processes with tasklist 1 TTPs 15 IoCs

Process Discovery

T1057

pid	Process
2380	tasklist.exe
1128	tasklist.exe
1724	tasklist.exe
3664	tasklist.exe
4916	tasklist.exe
1768	tasklist.exe
3360	tasklist.exe
3284	tasklist.exe
4700	tasklist.exe
1660	tasklist.exe
3564	tasklist.exe
3076	tasklist.exe
3392	tasklist.exe
3916	tasklist.exe
2904	tasklist.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Gathers network information 2 TTPs 6 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4740	ipconfig.exe
968	NETSTAT.EXE
4976	ipconfig.exe
540	NETSTAT.EXE
2220	ipconfig.exe
2572	NETSTAT.EXE

Gathers system information 1 TTPs 3 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
1668	systeminfo.exe
2340	systeminfo.exe
4696	systeminfo.exe

Kills process with taskkill 24 IoCs

evasion

pid	Process
5076	taskkill.exe
2172	taskkill.exe
2828	taskkill.exe
4704	taskkill.exe
60	taskkill.exe
4348	taskkill.exe
640	taskkill.exe
512	taskkill.exe
668	taskkill.exe
4976	taskkill.exe
2964	taskkill.exe
3724	taskkill.exe
2220	taskkill.exe
3256	taskkill.exe
2204	taskkill.exe
3564	taskkill.exe
532	taskkill.exe
4440	taskkill.exe
1344	taskkill.exe
4360	taskkill.exe
2172	taskkill.exe
3476	taskkill.exe
2324	taskkill.exe
1760	taskkill.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639233626247102"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	OpenWith.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
3060	powershell.exe
3060	powershell.exe
3060	powershell.exe
1280	msedge.exe
1280	msedge.exe
2420	chrome.exe
2420	chrome.exe
1852	powershell.exe
1852	powershell.exe
1852	powershell.exe
4800	chrome.exe
4800	chrome.exe
4900	powershell.exe
4900	powershell.exe
4900	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1768	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeRestorePrivilege	1516	7zG.exe
Token: 35	1516	7zG.exe
Token: SeSecurityPrivilege	1516	7zG.exe
Token: SeSecurityPrivilege	1516	7zG.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeIncreaseQuotaPrivilege	3840	WMIC.exe
Token: SeSecurityPrivilege	3840	WMIC.exe
Token: SeTakeOwnershipPrivilege	3840	WMIC.exe
Token: SeLoadDriverPrivilege	3840	WMIC.exe
Token: SeSystemProfilePrivilege	3840	WMIC.exe
Token: SeSystemtimePrivilege	3840	WMIC.exe
Token: SeProfSingleProcessPrivilege	3840	WMIC.exe
Token: SeIncBasePriorityPrivilege	3840	WMIC.exe
Token: SeCreatePagefilePrivilege	3840	WMIC.exe
Token: SeBackupPrivilege	3840	WMIC.exe
Token: SeRestorePrivilege	3840	WMIC.exe
Token: SeShutdownPrivilege	3840	WMIC.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1516	7zG.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
2172	7zG.exe
4824	7zG.exe
3848	mshta.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
4800	chrome.exe
4800	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1768	OpenWith.exe
1768	OpenWith.exe
1768	OpenWith.exe
1768	OpenWith.exe
1768	OpenWith.exe
1768	OpenWith.exe
1768	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 5064	1124	chrome.exe	81
PID 1124 wrote to memory of 5064	1124	chrome.exe	81
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 464	1124	chrome.exe	82
PID 1124 wrote to memory of 2824	1124	chrome.exe	83
PID 1124 wrote to memory of 2824	1124	chrome.exe	83
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84
PID 1124 wrote to memory of 968	1124	chrome.exe	84

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2172	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/940386505321484388/1255676757592506458/Electron_V3.rar?ex=667dff9c&is=667cae1c&hm=f426db7ec8bf91f26d8a0029837a051be5784f88d6109e13f6a39f5242783881&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaef9ab58,0x7ffbaef9ab68,0x7ffbaef9ab78
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:2
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1836,i,5376295683022868820,8997673903224629668,131072 /prefetch:8
  2⤵
  PID:896

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3392

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap20502:80:7zEvent30245
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3596

C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe
"C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe"
1⤵
- Executes dropped EXE
PID:4668
- C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe
  "C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:1508
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:4872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
    3⤵
    PID:1104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get Manufacturer
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "gdb --version"
    3⤵
    PID:1816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:1556
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
    3⤵
    PID:440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path Win32_ComputerSystem get Manufacturer
      4⤵
      PID:852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:1900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:4560
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe""
    3⤵
    - Hide Artifacts: Hidden Files and Directories
    PID:4364
  - - C:\Windows\system32\attrib.exe
      attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe"
      4⤵
      Views/modifies file attributes
      PID:2172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
    3⤵
    PID:3432
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
      4⤵
      PID:1628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:4972
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1124"
    3⤵
    PID:1360
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1124
      4⤵
      Kills process with taskkill
      PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5064"
    3⤵
    PID:3164
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 5064
      4⤵
      Kills process with taskkill
      PID:1344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 464"
    3⤵
    PID:4488
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 464
      4⤵
      Kills process with taskkill
      PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2824"
    3⤵
    PID:5072
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2824
      4⤵
      Kills process with taskkill
      PID:4704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 968"
    3⤵
    PID:1900
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 968
      4⤵
      Kills process with taskkill
      PID:4360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1700"
    3⤵
    PID:2016
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1700
      4⤵
      Kills process with taskkill
      PID:2172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 832"
    3⤵
    PID:1064
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 832
      4⤵
      Kills process with taskkill
      PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:1472
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:2856
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:2572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:452
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:5096
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:1432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:1464
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:1768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
    3⤵
    PID:2200
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
    3⤵
    PID:4412
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:1668
  - - C:\Windows\system32\HOSTNAME.EXE
      hostname
      4⤵
      PID:4564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic logicaldisk get caption,description,providername
      4⤵
      Collects information from the system
      PID:4704
  - - C:\Windows\system32\net.exe
      net user
      4⤵
      PID:1516
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user
        5⤵
        
        PID:5008
  - - C:\Windows\system32\query.exe
      query user
      4⤵
      PID:3224
    - - C:\Windows\system32\quser.exe
        
        "C:\Windows\system32\quser.exe"
        5⤵
        
        PID:4360
  - - C:\Windows\system32\net.exe
      net localgroup
      4⤵
      PID:1900
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup
        5⤵
        
        PID:2148
  - - C:\Windows\system32\net.exe
      net localgroup administrators
      4⤵
      PID:1692
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup administrators
        5⤵
        
        PID:1356
  - - C:\Windows\system32\net.exe
      net user guest
      4⤵
      PID:2172
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user guest
        5⤵
        
        PID:2016
  - - C:\Windows\system32\net.exe
      net user administrator
      4⤵
      PID:4372
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user administrator
        5⤵
        
        PID:3392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic startup get caption,command
      4⤵
      PID:2220
  - - C:\Windows\system32\tasklist.exe
      tasklist /svc
      4⤵
      Enumerates processes with tasklist
      PID:1724
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:4976
  - - C:\Windows\system32\ROUTE.EXE
      route print
      4⤵
      PID:3436
  - - C:\Windows\system32\ARP.EXE
      arp -a
      4⤵
      PID:2916
  - - C:\Windows\system32\NETSTAT.EXE
      netstat -ano
      4⤵
      Gathers network information
      PID:540
  - - C:\Windows\system32\sc.exe
      sc query type= service state= all
      4⤵
      Launches sc.exe
      PID:1492
  - - C:\Windows\system32\netsh.exe
      netsh firewall show state
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:3192
  - - C:\Windows\system32\netsh.exe
      netsh firewall show config
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
    3⤵
    PID:224
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:4828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:4908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:1768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3bce0ec4h0d35h4972hb135h1cd53f18b001
1⤵
PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb9f1946f8,0x7ffb9f194708,0x7ffb9f194718
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12671610367938746808,5695773390667782430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,12671610367938746808,5695773390667782430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,12671610367938746808,5695773390667782430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba001ab58,0x7ffba001ab68,0x7ffba001ab78
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3620 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3644 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4160 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3648 --field-trial-handle=1812,i,8432606451708349425,13659248849960395403,131072 /prefetch:1
  2⤵
  PID:4036

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2200

C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe
"C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe"
1⤵
- Executes dropped EXE
PID:3432
- C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe
  "C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:3648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:4652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
    3⤵
    PID:1632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get Manufacturer
      4⤵
      PID:4936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "gdb --version"
    3⤵
    PID:1012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:2964
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
    3⤵
    PID:2728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path Win32_ComputerSystem get Manufacturer
      4⤵
      PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:2824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:2416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:4708
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
    3⤵
    PID:4736
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
      4⤵
      PID:1632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:1272
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4524"
    3⤵
    PID:2964
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4524
      4⤵
      Kills process with taskkill
      PID:60
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2420"
    3⤵
    PID:3080
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2420
      4⤵
      Kills process with taskkill
      PID:3476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 644"
    3⤵
    PID:1540
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 644
      4⤵
      Kills process with taskkill
      PID:3256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2812"
    3⤵
    PID:1620
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2812
      4⤵
      Kills process with taskkill
      PID:2324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4908"
    3⤵
    PID:1272
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4908
      4⤵
      Kills process with taskkill
      PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2108"
    3⤵
    PID:2416
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2108
      4⤵
      Kills process with taskkill
      PID:640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4668"
    3⤵
    PID:4272
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4668
      4⤵
      Kills process with taskkill
      PID:2204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4276"
    3⤵
    PID:1084
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4276
      4⤵
      Kills process with taskkill
      PID:1760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4036"
    3⤵
    PID:3020
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4036
      4⤵
      Kills process with taskkill
      PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:4368
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:1308
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:3012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:1668
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:4308
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:1488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:3868
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:3360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
    3⤵
    PID:2864
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
    3⤵
    PID:3336
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:2340
  - - C:\Windows\system32\HOSTNAME.EXE
      hostname
      4⤵
      PID:2336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic logicaldisk get caption,description,providername
      4⤵
      Collects information from the system
      PID:2816
  - - C:\Windows\system32\net.exe
      net user
      4⤵
      PID:3848
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user
        5⤵
        
        PID:876
  - - C:\Windows\system32\query.exe
      query user
      4⤵
      PID:3476
    - - C:\Windows\system32\quser.exe
        
        "C:\Windows\system32\quser.exe"
        5⤵
        
        PID:1012
  - - C:\Windows\system32\net.exe
      net localgroup
      4⤵
      PID:832
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup
        5⤵
        
        PID:4532
  - - C:\Windows\system32\net.exe
      net localgroup administrators
      4⤵
      PID:3784
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup administrators
        5⤵
        
        PID:804
  - - C:\Windows\system32\net.exe
      net user guest
      4⤵
      PID:968
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user guest
        5⤵
        
        PID:1760
  - - C:\Windows\system32\net.exe
      net user administrator
      4⤵
      PID:2676
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user administrator
        5⤵
        
        PID:4432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic startup get caption,command
      4⤵
      PID:4640
  - - C:\Windows\system32\tasklist.exe
      tasklist /svc
      4⤵
      Enumerates processes with tasklist
      PID:3916
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:2220
  - - C:\Windows\system32\ROUTE.EXE
      route print
      4⤵
      PID:2004
  - - C:\Windows\system32\ARP.EXE
      arp -a
      4⤵
      PID:3512
  - - C:\Windows\system32\NETSTAT.EXE
      netstat -ano
      4⤵
      Gathers network information
      PID:2572
  - - C:\Windows\system32\sc.exe
      sc query type= service state= all
      4⤵
      Launches sc.exe
      PID:2276
  - - C:\Windows\system32\netsh.exe
      netsh firewall show state
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:2464
  - - C:\Windows\system32\netsh.exe
      netsh firewall show config
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:3664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
    3⤵
    PID:896
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:3048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:2720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:4572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba001ab58,0x7ffba001ab68,0x7ffba001ab78
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:2
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1712 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3308 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3156 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5072 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4232 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 --field-trial-handle=1904,i,3328334263180038014,17362481306198897495,131072 /prefetch:8
  2⤵
  PID:4416

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Electron_V3\" -ad -an -ai#7zMap22919:80:7zEvent8857
1⤵
- Suspicious use of FindShellTrayWindow
PID:2172

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap11887:80:7zEvent17706
1⤵
- Suspicious use of FindShellTrayWindow
PID:4824

C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe
"C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe"
1⤵
- Executes dropped EXE
PID:3196
- C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe
  "C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
    3⤵
    PID:1044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get Manufacturer
      4⤵
      PID:4656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "gdb --version"
    3⤵
    PID:4824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:60
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
    3⤵
    PID:736
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path Win32_ComputerSystem get Manufacturer
      4⤵
      PID:1648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:4440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:3952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:5076
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:2904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
    3⤵
    PID:900
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
      4⤵
      Suspicious use of FindShellTrayWindow
      PID:3848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    PID:4728
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:1128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4800"
    3⤵
    PID:4368
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4800
      4⤵
      Kills process with taskkill
      PID:512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3476"
    3⤵
    PID:4936
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 3476
      4⤵
      Kills process with taskkill
      PID:532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4164"
    3⤵
    PID:4412
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4164
      4⤵
      Kills process with taskkill
      PID:4976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3216"
    3⤵
    PID:4420
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 3216
      4⤵
      Kills process with taskkill
      PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3916"
    3⤵
    PID:5112
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 3916
      4⤵
      Kills process with taskkill
      PID:5076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1652"
    3⤵
    PID:3452
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 1652
      4⤵
      Kills process with taskkill
      PID:2964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4712"
    3⤵
    PID:3904
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 4712
      4⤵
      Kills process with taskkill
      PID:2172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2604"
    3⤵
    PID:2480
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 2604
      4⤵
      Kills process with taskkill
      PID:668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:1108
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:4060
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:4608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
    3⤵
    PID:3924
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c chcp
      4⤵
      PID:2144
    - - C:\Windows\system32\chcp.com
        
        chcp
        5⤵
        
        PID:1792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:3596
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:4700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
    3⤵
    PID:4652
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe Get-Clipboard
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
    3⤵
    PID:2420
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:4696
  - - C:\Windows\system32\HOSTNAME.EXE
      hostname
      4⤵
      PID:2340
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic logicaldisk get caption,description,providername
      4⤵
      Collects information from the system
      PID:4440
  - - C:\Windows\system32\net.exe
      net user
      4⤵
      PID:4744
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user
        5⤵
        
        PID:3200
  - - C:\Windows\system32\query.exe
      query user
      4⤵
      PID:3512
    - - C:\Windows\system32\quser.exe
        
        "C:\Windows\system32\quser.exe"
        5⤵
        
        PID:4452
  - - C:\Windows\system32\net.exe
      net localgroup
      4⤵
      PID:1472
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup
        5⤵
        
        PID:4168
  - - C:\Windows\system32\net.exe
      net localgroup administrators
      4⤵
      PID:212
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 localgroup administrators
        5⤵
        
        PID:1500
  - - C:\Windows\system32\net.exe
      net user guest
      4⤵
      PID:1712
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user guest
        5⤵
        
        PID:3452
  - - C:\Windows\system32\net.exe
      net user administrator
      4⤵
      PID:2680
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user administrator
        5⤵
        
        PID:2772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic startup get caption,command
      4⤵
      PID:4416
  - - C:\Windows\system32\tasklist.exe
      tasklist /svc
      4⤵
      Enumerates processes with tasklist
      PID:1660
  - - C:\Windows\system32\ipconfig.exe
      ipconfig /all
      4⤵
      Gathers network information
      PID:4740
  - - C:\Windows\system32\ROUTE.EXE
      route print
      4⤵
      PID:4432
  - - C:\Windows\system32\ARP.EXE
      arp -a
      4⤵
      PID:116
  - - C:\Windows\system32\NETSTAT.EXE
      netstat -ano
      4⤵
      Gathers network information
      PID:968
  - - C:\Windows\system32\sc.exe
      sc query type= service state= all
      4⤵
      Launches sc.exe
      PID:3392
  - - C:\Windows\system32\netsh.exe
      netsh firewall show state
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:2832
  - - C:\Windows\system32\netsh.exe
      netsh firewall show config
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:2624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
    3⤵
    PID:1144
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:1768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:1512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:2228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:3804

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Electron V3\bin\agree.txt
1⤵
PID:1172

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Electron V3\bin\version.txt
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\95ff9edc-b5a5-49b5-bf74-bbf913f2f4dc.tmp

Filesize
97KB

MD5
f3901e66572477e333c9616472a0bb21

SHA1
06f0bda17029f622120ac85ab1c70c5880ca9a36

SHA256
9d4c6c70a771789294368d1cbdcc69d34c13566ae9234868a8d4ed56d932e49e

SHA512
7599a366e65fbd78cfae6082ba9cbf645762868c02b63c92fcf8656ccfabaf803d8be105094117cd47cafeabea3c1895c7e12fc349af33d0d3364ea68a65d8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2cd879c3b1b25f881f4b7ab71b67a095

SHA1
e8c477526bb5bdddd659fdd44606060d83e703ad

SHA256
d15ec0b42a1305238584533da0ddd5ec2959a76896cabc74599185af8af9e92a

SHA512
95c25065ecb23b375e233d554beb9c5fb61d877f6b5586155d5b5931d270cedfd4508a8fde3dfee5073af2215b256d7cffde9f77923d41909d4168d9bc61123a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
782e1ca57711ab449504899de621213e

SHA1
9d3f1311b8107a3c81cd75ea13e79aa1a5353ac5

SHA256
8f064665979acd2a8001805cd68926fac964a5190e7dba75138f959536dfee80

SHA512
04d93af5116d7cb4f1a90a47d45e8f28d5c4fbb9210da364c6850a22bb17d3fe92f0fdd5539f29114c6f673b03ad55bec0fe320d0f6379a0cc946a0b929a3a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59a147.TMP

Filesize
2KB

MD5
91e32097ee8845a2d90b5afe45798d97

SHA1
65bc350f7c9808443e03441833684eeaa12ac97e

SHA256
9c70e4d00175791cdd554b61e052255b7c07255159e607493a84302045f8910d

SHA512
e4b53bfa38d7d5085f0308519e51c197d0492d7c8450e8687735c522819d0cfe40a678b7776b9fc1b654eeb1dadfc711ea1253cfa982bd1449fc71d6c6883afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb6f073503665799f9d8770408743577

SHA1
2b386c906386250d4b8b514c4401d85280038196

SHA256
f8eab7e4310fe3a9675a5a0859eb8c211314b39e45dd38188459b0853ebee869

SHA512
bfbdc1f2de2058d1744f8c93599de88857b6d554afee41f573ff5f972d47347a714610290acd8ec773d25d72df643bf306e875f650f3ea5a7c9d203a40b11b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e9acfd798f76e31e8eb2167c7222b3f1

SHA1
39a235fce6def78bd9703356af3cf4d82fb1bfce

SHA256
bd2d689e40836935862feacfd14188ca13b21e5945df01d4ea63137578d149a0

SHA512
8117a41eaa29a6f73e03409fc5bbba370fab7c0b5bcf0b332c138eb142eabb08d34a9421612995fc93a20bb1373bdc0ef00dde470400c46695d9f1241f3a1c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ab413c7a112fe1bfb79453c943931504

SHA1
7d4d36b95bab198fe878b3a7c7255bb2f3ac3a79

SHA256
676fd37a428c65f530a8e531fc8c31f6182f56b1e768ef50f6a2dac6eeec6d6b

SHA512
98c8afc83f3cd38329a6184f59a91b2f8bf36cdb0cfcbe30b6dae9c40334f0321ae7b81d441c961b6938f281ec493b9bb84630a048e397d546fba31f38808a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e1d7c4f263fa74db7a5595a2304043ab

SHA1
bf29eb3b4e568cc91b8db3f6926352cc727cc0d1

SHA256
39e3aff0c193c9ab9ce9bad526f40e76b7cbd9fc2b0bd560138659ff971e8db8

SHA512
327e7bec09182dd66262727968aa6553a3f6b85e655d6a6868734833e7543911ee7c1943725dd566d910b205f9ebe22600dee3aaf8a4e3e74d08b026f4670757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e4ba56e28236507741dcba52b1cee330

SHA1
cd992885d09f93d0844147a6834f0e44ce3384f3

SHA256
93d6db67b90b61d55dbcd6612b31ad17078b0d6c983579f631c8f9344ee1d6f7

SHA512
9af7cc7b1386702b44942f2250ed924502e74cf033742375d34b9a1777b0ce348a1ee90b6a7408a2f39c3ca776e184170fe69f093920021e3276ff1b18c09c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fce5ac1b2af835fa4d3ce90f1965d914

SHA1
93714f7deeb4dcb36413d6f3a9b68f3dc3fd26a8

SHA256
1dbbe1d8f194fe70de4d55b09f32a8b3aaf2534ad61728cbab58cd4b9a9292fd

SHA512
e7a1a04449a23c892914e678bff64944b94845cff5b8101ef83fd4fb54a5563f6d1c28fa9772733e4e2300c0b5032d883f353b9e46141695cba6f6c5e8e03f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2a94d773c22933ebcd81edc50da8589b

SHA1
369b1ce62f6b82934f9782df8bf7261b26564d12

SHA256
8c96473fefc1ac1314a11af0c2178ed151aac1ef1581c2cc8900fd6d09c0da14

SHA512
5483a1ef68fec7b5eb9fe62f5f834ca9ca52fc4535211e1f66ce0123122bd0db280b97bd47b16ddefc179b68d17f57e16700c995a502366fa7824a5a1978766d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1dfcd64339fbf5f0047c58e39be2522e

SHA1
14c0db9bc9a096a7fb20bb231b1953ceb490256a

SHA256
2818924ae0116de08c3505f4f58d49aa0648523eae17ffd801a8b85087aeaf3d

SHA512
aaac1c32deae7b9d97a8f143ec37ccd6adadb14b63aaccace0767b8ea426e1ce0965586f48925ca427d98e2628537b4071cc3c8ad77a7531346f8ee97c033958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9fe235311901e4c5ec774560f39d7839

SHA1
ac4b0d7ccdf9402f3786a8663b3d36662aabcf64

SHA256
f9bfd21159cd12f9fe60da4ec92e9016aa8f41c77eb3b3ec09a638d1f1791a3a

SHA512
926b28e77ca056ffd1904c73d44fc8afead9f928989f8079ba0d948bbbfd1223fbf3410d388b91b94271f30fb86a4b718575603e6deae77491477482521ea74d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
42877bda6cb2a4da9f4e0900cecb364d

SHA1
8373030c7872b2a10482ae046b2bf3e243ddfa10

SHA256
3364436f326188402f755cc11670a15003192b1ba9e7565e77a1c04c9238a2de

SHA512
12993da7b96c2d24a4f079579b4b8e07c54e679d585dc8fdfb31d0cf450258d36d1b6687f153cb902fd2eb7e300484f81dd80a5192e2ee755c4dadb14e74b757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d4fb79e8-aeb5-460e-8a92-04ff0d4611a4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
c0b9a5b3fffefc275918a691f23d0348

SHA1
16cdc0c554d8b6aec61ae209769fac346b61cee8

SHA256
f40c9b45fc6856d032bf26b6ecea5ebeff6cef2a0eeaa523abac7f977c467287

SHA512
5e33d3e442bb393e0549e96cce2952a69503c213cef8fac7b7b72923035b143c4a5f857d567c0cf7749631c180ad08bc6c3e7090b874a932fe735bc7e56c0efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
bb6be9e00c8ccea663b4947398320c6e

SHA1
9eeccdfa7458120260bcbf564064ae4c99bc1bf8

SHA256
0872ea77b2c90e0a2aa73f9703376aa23a38b41469d50a43f01b3de5bf5bbb04

SHA512
fecb8cfaa434f87edb7a5a21c00610a96e09688c1f76ba2c41726b33dd9a2420a19667cc12cb5475ad2aa5d3f13bb395a06e6370e15c31fab127c53d249835b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
e0fbb15b26bfd8c9b9445800b3a497b7

SHA1
bb1523d148c0f6b185dd9841c0e042cacb558e50

SHA256
aba33a5bf5ac9a9d1c0e01ad303240f06c3848891c7bff777013b9dea653b7e4

SHA512
6c4fff9a63647473753c3d15819d20df014d070b262c3cab1c3ad390321b92e1b522144791dc0d61beee2dcb12b78d58b2e1aa77e8d2219e20e62d34bb0c008b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
cdb21e0ac9f526ff8fd21bf063d5d381

SHA1
dcc1f9553ffb0cdeabbc8bf7152f8665791e5182

SHA256
308a9d9d185836cfa2f00cc57d8002f8f888d2dfb0dcd2002d0fbd2e732e1edf

SHA512
a7120c40c45bff0f9a3b6eb61896c6374a229e70d57fb12571153af35049e2316e90177fb55ccc86ecd5c86b33fe1bf675ee3573dfed91b7636496403810fdec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95b4998ef73d43179d1f9855214e6d0c

SHA1
4fcde598135f392c51adfaaf79226121cb74fd15

SHA256
46542156e66494aec206fc8974be282918e44d27ec3c870c967e8b731dc90c99

SHA512
552ae088472f8d86a69861454a13eb75177a7c6e546e4263f099217aa0be7f815dfd8b3e308bc229815c649026d0d7af20300d8bc8111605282d11119803d0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a38a09fea64a469c4bf7489f46420694

SHA1
006e995c659dc2a9faa2819f95d71b39c7e67a03

SHA256
5e5209dfa2884d6822233db716724d375c01bb8ace20a9267d058a292e1e1753

SHA512
cc350ffbafc5809f7bb92b6cf4713b9c2633eda101800e281aaf7d8d57b342a6d6249388c4655b4081ce45a44fc43683815da32ee6db7ddd70d6463d45dbc401

Download Submit
C:\Users\Admin\AppData\Local\Temp\HistoryData.db

Filesize
124KB

MD5
9618e15b04a4ddb39ed6c496575f6f95

SHA1
1c28f8750e5555776b3c80b187c5d15a443a7412

SHA256
a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

SHA512
f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logins.db

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Logins.db

Filesize
46KB

MD5
8f5942354d3809f865f9767eddf51314

SHA1
20be11c0d42fc0cef53931ea9152b55082d1a11e

SHA256
776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea

SHA512
fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218

Download Submit
C:\Users\Admin\AppData\Local\Temp\Web.db

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31962\attrs-23.2.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_asyncio.pyd

Filesize
31KB

MD5
480d3f4496e16d54bb5313d206164134

SHA1
3db3a9f21be88e0b759855bf4f937d0bbfdf1734

SHA256
568fb5c3d9b170ce1081ad12818b9a12f44ab1577449425a3ef30c2efbee613d

SHA512
8e887e8de9c31dbb6d0a85b4d6d4157e917707e63ce5f119bb4b03cb28d41af90d087e3843f3a4c2509bca70cdac3941e00b8a5144ade8532a97166a5d0a7bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_bz2.pyd

Filesize
43KB

MD5
39b487c3e69816bd473e93653dbd9b7f

SHA1
bdce6fde092a3f421193ddb65df893c40542a4e2

SHA256
a1629c455be2cf55e36021704716f4b16a96330fe993aae9e818f67c4026fcdc

SHA512
7543c1555e8897d15c952b89427e7d06c32e250223e85fafae570f8a0fa13c39fb6fc322d043324a31b2f2f08d2f36e0da59dfd741d09c035d0429173b6badc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_cffi_backend.cp310-win_amd64.pyd

Filesize
71KB

MD5
641e49ce0c4fa963d347fbf915aabdbe

SHA1
1351f6c4ac5dcda7e3ffbf3d5e355b4bb864eb10

SHA256
1c795df278c7f64be8e6973f8dbf1a625997cb39ae2dcb5bee0ca4c1b90c8906

SHA512
766b9adb5143e89d663177c2fb0e951afb84c0a43ec690ae2c477ee0bbe036df6f4161a6012430d42e4913fd5fbe7e49af6d13ac7c62d042a484861fc5a04616

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_ctypes.pyd

Filesize
53KB

MD5
b1f12f4bfc0bd49a6646a0786bc5bc00

SHA1
acb7d8c665bb8ca93e5f21e178870e3d141d7cbc

SHA256
1fe61645ed626fc1dec56b2e90e8e551066a7ff86edbd67b41cb92211358f3d7

SHA512
a3fb041bd122638873c395b95f1a541007123f271572a8a988c9d01d2b2d7bb20d70e1d97fc3abffd28cb704990b41d8984974c344faea98dd0c6b07472b5731

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_decimal.pyd

Filesize
101KB

MD5
b7f498da5aec35140a6d928a8f792911

SHA1
95ab794a2d4cb8074a23d84b10cd62f7d12a4cd0

SHA256
b15f0dc3ce6955336162c9428077dcedfa1c52e60296251521819f3239c26ee8

SHA512
5fcb2d5325a6a4b7aff047091957ba7f13de548c5330f0149682d44140ac0af06837465871c598db71830fd3b2958220f80ae8744ef16fdb7336b3d6a5039e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_hashlib.pyd

Filesize
30KB

MD5
31dfa2caaee02cc38adf4897b192d6d1

SHA1
9be57a9bad1cb420675f5b9e04c48b76d18f4a19

SHA256
dc045ac7d4bde60b0f122d307fcd2bbaf5e1261a280c4fb67cfc43de5c0c2a0f

SHA512
3e58c083e1e3201a9fbbf6a4fcbc2b0273cf22badabab8701b10b3f8fdd20b11758cdcfead557420393948434e340aad751a4c7aa740097ab29d1773ea3a0100

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_lzma.pyd

Filesize
81KB

MD5
95badb08cd77e563c9753fadc39a34dd

SHA1
b3c3dfe64e89b5e7afb5f064bbf9d8d458f626a0

SHA256
5545627b465d780b6107680922ef44144a22939dd406deae44858b79747e301a

SHA512
eb36934b73f36ba2162e75f0866435f57088777dc40379f766366c26d40f185de5be3da55d17f5b82cb498025d8d90bc16152900502eb7f5de88bbef84ace2cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_multiprocessing.pyd

Filesize
22KB

MD5
28f6fcc0b7bb10a45ff1370c9e1b9561

SHA1
c7669f406b5ec2306a402e872dec17380219907a

SHA256
6dd33d49554ee61490725ea2c9129c15544791ab7a65fb523cc9b4f88d38744b

SHA512
2aef40344e80c3518afc07bf6ad4c96c4fff44434f8307e2efa544290d59504d7b014d7ea94af0377e342a632d6c4c74bfdf16d26f92ccc7062be618ea4dbee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_overlapped.pyd

Filesize
27KB

MD5
745706ab482fe9c9f92383292f121072

SHA1
439f00978795d0845aceaf007fd76ff5947567fd

SHA256
4d98e7d1b74bd209f8c66e1a276f60b470f6a5d6f519f76a91eb75be157a903d

SHA512
52fe3dfc45c380dfb1d9b6e453bdffcd92d57ad7b7312d0b9a86a76d437c512a17da33822f8e81760710d8ff4fd6a4b702d2abfffc600c9350d4d463451d38d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_queue.pyd

Filesize
21KB

MD5
18b8b2b0aefcee9527299c464b7f6d3d

SHA1
a565216faee2534bbda5b3f65aeb2eef5fd9bcda

SHA256
6f334fa1474116dd499a125f3b5ca4cd698039446faf50340f9a3f7af3adb8c2

SHA512
0b56e9d89f4dd3da830954b6561c49c06775854e0b27bc2b07ea8e9c79829d66dae186b95209c8c4cc7c3a7ba6b03cdf134b2e0036cea929e61d755d4709abcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_socket.pyd

Filesize
38KB

MD5
f675cf3cdd836cacfab9c89ab9f97108

SHA1
3e077bf518f7a4cb30ea4607338cff025d4d476e

SHA256
bb82a23d8dc6bf4c9aeb91d3f3bef069276ae3b14eeca100b988b85dd21e2dd3

SHA512
e2344b5f59bd0fad3570977edf0505aa2e05618e66d07c9f93b163fc151c4e1d6fbc0e25b7c989505c1270f8cd4840c6120a73a7ad64591ee3c4fb282375465e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_sqlite3.pyd

Filesize
45KB

MD5
1dbec8753e5cd062cd71a8bb294f28f9

SHA1
c32e9b577f588408a732047863e04a1db6ca231e

SHA256
6d95d41a36b5c9e3a895eff91149978aa383b6a8617d542accef2080737c3cad

SHA512
a1c95dbb1a9e2ffbcc9422f53780b35fbc77cb56ac3562afb8753161a233e5efa8da8ad67f5bde5a094beb8331d9dab5c3d5e673a8d09fd6d0383a8a6ffda087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_ssl.pyd

Filesize
57KB

MD5
2edf5c4e534a45966a68033e7395f40d

SHA1
478ef27474eec0fd966d1663d2397e8fb47fec17

SHA256
7abc2b326f5b7c3011827eb7a5a4d896cc6b2619246826519b3f57d2bb99d3bd

SHA512
f83b698cfe702a15eb0267f254c593b90fa155ad2aefe75e5ba0ee5d4f38976882796cba2a027b42a910f244360177ac809891d505b3d0ae9276156b64850b6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\_uuid.pyd

Filesize
18KB

MD5
b3e7fc44f12d2db5bad6922e0b1d927f

SHA1
3fe8ef4b6fb0bc590a1c0c0f5710453e8e340f8f

SHA256
6b93290a74fb288489405044a7dee7cca7c25fa854be9112427930dd739ebace

SHA512
a0465a38aaac2d501e9a12a67d5d71c9eeeb425f535c473fc27ac13c2bb307641cc3cef540472f916e341d7bada80a84b99d78850d94c95ee14139f8540d0c42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\aiohttp\_helpers.cp310-win_amd64.pyd

Filesize
26KB

MD5
9957581b89a8a0c1fa8f10ed03faf862

SHA1
8a38fede27a2990d5ce9aa1e3664aa5617da1f32

SHA256
fbb576e7c8b4a96fa41dc629a336650a4362e61092423e977596c266dc23983f

SHA512
195566707019c8efdd8a11ebf3dfe30cf67f6d62cb2ca103d98a4ffca8574cc5df6d83b78ad891f369ea4318d1e7fc9466b1c17fb9cfea61a16960e9a2b26dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\aiohttp\_http_parser.cp310-win_amd64.pyd

Filesize
78KB

MD5
4c47cc586ff34eb1e8ff5304de05cbfa

SHA1
dea8568ac69a6d75a2ed0cb96228f113ed55f364

SHA256
5a1f5f3b5c813c03821377b5ba3c5b3139de8a69415736fb2d8a022ef7160b30

SHA512
41a90bec5258047e10ced50195abae182f560fd118742e86a340eda54ae3ff4f031805763366a7c4e7e0944669691271432b9b3edc0cdb3f2851d27bee5608c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\aiohttp\_http_writer.cp310-win_amd64.pyd

Filesize
24KB

MD5
29e8136c3e5f76cad4920b6af598a750

SHA1
04150e81d15700592654999e18a9ab956c5694fb

SHA256
efbac999cb548957e7fe424b15a4edc98a8544689b87cd8159f26dc25224d83c

SHA512
e7fe7ba7e457321bcdb226202fcaffe0cb95582354a592240d3b776b9f5663a94e38f9cf4f450102a5423fb0d238a0cb02e44c49dcddad45dbcbb9b714541827

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\base_library.zip

Filesize
858KB

MD5
7b2903144d2ab90e0e8c34c0c5fc8b30

SHA1
4f435ff09b472607c96c9fbc38ca1cac8cb4725c

SHA256
76f8cfff0ca0997ba4fead6d7883316f32688cb9872a86df23148cd94c1511b2

SHA512
257ed12db69532081c3b6050779b021e46dcc26377d69310a2352eecb285ed74cb9ca63f3dbfb9e9c2289c6add588a1512b7f0ae547952b6d4b578953dc36701

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\libcrypto-1_1.dll

Filesize
1.1MB

MD5
700f32459dca0f54c982cd1c1ddd6b8b

SHA1
2538711c091ac3f572cb0f13539a68df0f228f28

SHA256
1de22bd1a0154d49f48b3fab94fb1fb1abd8bfed37d18e79a86ecd7cdab893c9

SHA512
99de1f5cb78c83fc6af0a475fb556f1ac58a1ba734efc69d507bf5dc1b0535a401d901324be845d7a59db021f8967cf33a7b105b2ddcb2e02a39dc0311e7c36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\libffi-7.dll

Filesize
23KB

MD5
d50ebf567149ead9d88933561cb87d09

SHA1
171df40e4187ebbfdf9aa1d76a33f769fb8a35ed

SHA256
6aa8e12ce7c8ad52dd2e3fabeb38a726447849669c084ea63d8e322a193033af

SHA512
7bcc9d6d3a097333e1e4b2b23c81ea1b5db7dbdc5d9d62ebaffb0fdfb6cfe86161520ac14dc835d1939be22b9f342531f48da70f765a60b8e2c3d7b9983021de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\libssl-1_1.dll

Filesize
198KB

MD5
45498cefc9ead03a63c2822581cd11c6

SHA1
f96b6373237317e606b3715705a71db47e2cafad

SHA256
a84174a00dc98c98240ad5ee16c35e6ef932cebd5b8048ff418d3dd80f20deca

SHA512
4d3d8d33e7f3c2bf1cad3afbfba6ba53852d1314713ad60eeae1d51cc299a52b73da2c629273f9e0b7983ca01544c3645451cfa247911af4f81ca88a82cf6a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\multidict\_multidict.cp310-win_amd64.pyd

Filesize
20KB

MD5
58a0ff76a0d7d3cd86ceb599d247c612

SHA1
af52bdb9556ef4b9d38cf0f0b9283494daa556a6

SHA256
2079d8be068f67fb2ece4fb3f5927c91c1c25edecb9d1c480829eb1cd21d7cc5

SHA512
e2d4f80cdeba2f5749a4d3de542e09866055d8aee1d308b96cb61bc53f4495c781e9b2559cc6a5f160be96b307539a8b6e06cabeffcc0ddb9ad4107dcacd8a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\pyexpat.pyd

Filesize
81KB

MD5
b4cf065f5e5b7a5bc2dd2b2e09bea305

SHA1
d289a500ffd399053767ee7339e48c161655b532

SHA256
9b5f407a2a1feaa76c6d3058a2f04c023b1c50b31d417bbfee69024098e4938b

SHA512
ddd9e216b11152d6a50481e06bb409335d36ce7fe63072aa0c7789c541593f2d7e8b4373be67a018c59f5e418e5a39a3ad729b732f11fa253f6275a64e125989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\python3.DLL

Filesize
60KB

MD5
a5471f05fd616b0f8e582211ea470a15

SHA1
cb5f8bf048dc4fc58f80bdfd2e04570dbef4730e

SHA256
8d5e09791b8b251676e16bdd66a7118d88b10b66ad80a87d5897fadbefb91790

SHA512
e87d06778201615b129dcf4e8b4059399128276eb87102b5c3a64b6e92714f6b0d5bde5df4413cc1b66d33a77d7a3912eaa1035f73565dbfd62280d09d46abff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\python310.dll

Filesize
1.4MB

MD5
90d5b8ba675bbb23f01048712813c746

SHA1
f2906160f9fc2fa719fea7d37e145156742ea8a7

SHA256
3a7d497d779ff13082835834a1512b0c11185dd499ab86be830858e7f8aaeb3e

SHA512
872c2bf56c3fe180d9b4fb835a92e1dc188822e9d9183aab34b305408bb82fba1ead04711e8ad2bef1534e86cd49f2445d728851206d7899c1a7a83e5a62058e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\select.pyd

Filesize
21KB

MD5
740424368fb6339d67941015e7ac4096

SHA1
64f3fab24f469a027ddfcf0329eca121f4164e45

SHA256
a389eae40188282c91e0cdf38c79819f475375860225b6963deb11623485b76d

SHA512
6d17dc3f294f245b4ca2eca8e62f4c070c7b8a5325349bc25ebaeea291a5a5ebd268bd1321c08755141aa58de0f985adc67335b4f83bc1aeec4b398d0f538e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\sqlite3.dll

Filesize
605KB

MD5
7055e9008e847cb6015b1bb89f26c7ac

SHA1
c7c844cb46f8287a88bec3bd5d02647f5a07ae80

SHA256
2884d8e9007461ab6e8bbdd37c6bc4f6de472bbd52ec5b53e0a635075d86b871

SHA512
651b7b8c2518e4826d84c89be5052fd944f58f558c51cc905da181049850186d0a87fd2e05734fbe6a69618a6e48261a9fdd043ab17eb01620c6510e96d57008

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\unicodedata.pyd

Filesize
285KB

MD5
0c26e9925bea49d7cf03cfc371283a9b

SHA1
89290d3e43e18165cb07a7a4f99855b9e8466b21

SHA256
13c2ea04a1d40588536f1d7027c8d0ea228a9fb328ca720d6c53b96a8e1ae724

SHA512
6a3cd4b48f7c0087f4a1bdc1241df71d56bd90226759481f17f56baa1b991d1af0ba5798a2b7ba57d9ffa9ec03a12bfac81df2fba88765bd369435ff21a941e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46682\yarl\_quoting_c.cp310-win_amd64.pyd

Filesize
40KB

MD5
c14493cd3cc9b9b5f850b5fadcbe936e

SHA1
eddb260ff89bfa132a479fdf783c67098011fb85

SHA256
1782f3c12b3eb01716fcd59b0cd69c02c2fb888db4377f4d5fe00f07986be8e3

SHA512
0a7b85322b8fa566fb3d24b8e4021fb64433be06c3c4dbeb06d9633e4af0a5b76252fb2228de0abd818be5f4a18fffc712c727816632dd8c8585c9a9a7bf0fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bkf4nojt.ioe.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\Electron V3\ElectronV3.exe

Filesize
24.3MB

MD5
581804ae67622d1bd0cad82e858f4d8f

SHA1
946a2821cfd1f378d088a67cce87dc407aca5eb6

SHA256
ab7a27e2d687101fbf523100304a632fe3dde3deebc6e8189d975da23c663282

SHA512
4b13b34cbd839135a5553f91076dcd43262a89b1255aa954cbeeed1562e284581a1d0cbe06530690d65e06a7804d99d5c695f833dc23198bdad1d85abf5c5b72

Download Submit
C:\Users\Admin\Downloads\Electron_V3.rar.crdownload

Filesize
9.2MB

MD5
0e4ce2f959093139fb9931e634292c39

SHA1
9d16e91e05a6cb558052065ede98c2d9ed448620

SHA256
053354062f3ad68617191b0009df9cad0f1dc79da34bfce46d235ec375a4eb5c

SHA512
68ea1a4fb5e85e2e25266e4e046cf7073e55bf0918186d9dd981666b1ab5c6796768897edc4444f899c390cdc58decc9a244d035e481e15d6f501dc852150f48

Download Submit
memory/1336-168-0x000002BB99240000-0x000002BB995B4000-memory.dmp

Filesize
3.5MB

Download
memory/1336-418-0x00007FFBAF8E0000-0x00007FFBAF8EF000-memory.dmp

Filesize
60KB

Download
memory/1336-194-0x00007FFB9B6E0000-0x00007FFB9B70C000-memory.dmp

Filesize
176KB

Download
memory/1336-199-0x00007FFB9C840000-0x00007FFB9CF32000-memory.dmp

Filesize
6.9MB

Download
memory/1336-187-0x00007FFB9B730000-0x00007FFB9B749000-memory.dmp

Filesize
100KB

Download
memory/1336-201-0x00007FFB9C800000-0x00007FFB9C838000-memory.dmp

Filesize
224KB

Download
memory/1336-200-0x00007FFB9B550000-0x00007FFB9B6BD000-memory.dmp

Filesize
1.4MB

Download
memory/1336-224-0x00007FFB9B520000-0x00007FFB9B54E000-memory.dmp

Filesize
184KB

Download
memory/1336-258-0x00007FFB9B460000-0x00007FFB9B516000-memory.dmp

Filesize
728KB

Download
memory/1336-259-0x00007FFB9B0E0000-0x00007FFB9B454000-memory.dmp

Filesize
3.5MB

Download
memory/1336-260-0x000002BB99240000-0x000002BB995B4000-memory.dmp

Filesize
3.5MB

Download
memory/1336-261-0x00007FFBB3D30000-0x00007FFBB3D3D000-memory.dmp

Filesize
52KB

Download
memory/1336-119-0x00007FFB9B750000-0x00007FFB9BBB5000-memory.dmp

Filesize
4.4MB

Download
memory/1336-195-0x00007FFBA08F0000-0x00007FFBA0901000-memory.dmp

Filesize
68KB

Download
memory/1336-278-0x00007FFB9B0C0000-0x00007FFB9B0D4000-memory.dmp

Filesize
80KB

Download
memory/1336-279-0x00007FFBAF720000-0x00007FFBAF730000-memory.dmp

Filesize
64KB

Download
memory/1336-294-0x00007FFB9B550000-0x00007FFB9B6BD000-memory.dmp

Filesize
1.4MB

Download
memory/1336-306-0x00007FFB9CF60000-0x00007FFB9CFA9000-memory.dmp

Filesize
292KB

Download
memory/1336-313-0x00007FFB9AF30000-0x00007FFB9AF52000-memory.dmp

Filesize
136KB

Download
memory/1336-311-0x00007FFB9C800000-0x00007FFB9C838000-memory.dmp

Filesize
224KB

Download
memory/1336-305-0x00007FFBAF480000-0x00007FFBAF499000-memory.dmp

Filesize
100KB

Download
memory/1336-304-0x00007FFBAF4A0000-0x00007FFBAF4B7000-memory.dmp

Filesize
92KB

Download
memory/1336-303-0x00007FFB9AF30000-0x00007FFB9AF52000-memory.dmp

Filesize
136KB

Download
memory/1336-298-0x00007FFB9B0C0000-0x00007FFB9B0D4000-memory.dmp

Filesize
80KB

Download
memory/1336-297-0x00007FFB9B0E0000-0x00007FFB9B454000-memory.dmp

Filesize
3.5MB

Download
memory/1336-296-0x00007FFB9B460000-0x00007FFB9B516000-memory.dmp

Filesize
728KB

Download
memory/1336-295-0x00007FFB9B520000-0x00007FFB9B54E000-memory.dmp

Filesize
184KB

Download
memory/1336-293-0x00007FFB9B6C0000-0x00007FFB9B6DE000-memory.dmp

Filesize
120KB

Download
memory/1336-286-0x00007FFB9B750000-0x00007FFB9BBB5000-memory.dmp

Filesize
4.4MB

Download
memory/1336-287-0x00007FFBAF220000-0x00007FFBAF244000-memory.dmp

Filesize
144KB

Download
memory/1336-310-0x00007FFB9C840000-0x00007FFB9CF32000-memory.dmp

Filesize
6.9MB

Download
memory/1336-196-0x00007FFBAF6F0000-0x00007FFBAF6FA000-memory.dmp

Filesize
40KB

Download
memory/1336-197-0x00007FFB9CF40000-0x00007FFB9CF5E000-memory.dmp

Filesize
120KB

Download
memory/1336-189-0x00007FFBAF4A0000-0x00007FFBAF4B7000-memory.dmp

Filesize
92KB

Download
memory/1336-389-0x00007FFB9B750000-0x00007FFB9BBB5000-memory.dmp

Filesize
4.4MB

Download
memory/1336-425-0x00007FFB9B520000-0x00007FFB9B54E000-memory.dmp

Filesize
184KB

Download
memory/1336-428-0x00007FFB9B0C0000-0x00007FFB9B0D4000-memory.dmp

Filesize
80KB

Download
memory/1336-438-0x00007FFB9CF40000-0x00007FFB9CF5E000-memory.dmp

Filesize
120KB

Download
memory/1336-437-0x00007FFBAF6F0000-0x00007FFBAF6FA000-memory.dmp

Filesize
40KB

Download
memory/1336-436-0x00007FFBA08F0000-0x00007FFBA0901000-memory.dmp

Filesize
68KB

Download
memory/1336-435-0x00007FFB9CF60000-0x00007FFB9CFA9000-memory.dmp

Filesize
292KB

Download
memory/1336-434-0x00007FFBAF480000-0x00007FFBAF499000-memory.dmp

Filesize
100KB

Download
memory/1336-433-0x00007FFBAF4A0000-0x00007FFBAF4B7000-memory.dmp

Filesize
92KB

Download
memory/1336-432-0x00007FFB9AF30000-0x00007FFB9AF52000-memory.dmp

Filesize
136KB

Download
memory/1336-431-0x00007FFB9AF60000-0x00007FFB9B078000-memory.dmp

Filesize
1.1MB

Download
memory/1336-430-0x00007FFB9B0A0000-0x00007FFB9B0B4000-memory.dmp

Filesize
80KB

Download
memory/1336-429-0x00007FFBAF720000-0x00007FFBAF730000-memory.dmp

Filesize
64KB

Download
memory/1336-427-0x00007FFB9B0E0000-0x00007FFB9B454000-memory.dmp

Filesize
3.5MB

Download
memory/1336-426-0x00007FFB9B460000-0x00007FFB9B516000-memory.dmp

Filesize
728KB

Download
memory/1336-424-0x00007FFB9B550000-0x00007FFB9B6BD000-memory.dmp

Filesize
1.4MB

Download
memory/1336-423-0x00007FFB9B6C0000-0x00007FFB9B6DE000-memory.dmp

Filesize
120KB

Download
memory/1336-422-0x00007FFB9B6E0000-0x00007FFB9B70C000-memory.dmp

Filesize
176KB

Download
memory/1336-421-0x00007FFB9B710000-0x00007FFB9B729000-memory.dmp

Filesize
100KB

Download
memory/1336-420-0x00007FFBAF780000-0x00007FFBAF78D000-memory.dmp

Filesize
52KB

Download
memory/1336-419-0x00007FFB9B730000-0x00007FFB9B749000-memory.dmp

Filesize
100KB

Download
memory/1336-198-0x00007FFB9B6C0000-0x00007FFB9B6DE000-memory.dmp

Filesize
120KB

Download
memory/1336-417-0x00007FFBAF220000-0x00007FFBAF244000-memory.dmp

Filesize
144KB

Download
memory/1336-416-0x00007FFB9B080000-0x00007FFB9B095000-memory.dmp

Filesize
84KB

Download
memory/1336-439-0x00007FFB9C840000-0x00007FFB9CF32000-memory.dmp

Filesize
6.9MB

Download
memory/1336-441-0x00007FFBB3D30000-0x00007FFBB3D3D000-memory.dmp

Filesize
52KB

Download
memory/1336-440-0x00007FFB9C800000-0x00007FFB9C838000-memory.dmp

Filesize
224KB

Download
memory/1336-192-0x00007FFBAF480000-0x00007FFBAF499000-memory.dmp

Filesize
100KB

Download
memory/1336-193-0x00007FFB9CF60000-0x00007FFB9CFA9000-memory.dmp

Filesize
292KB

Download
memory/1336-162-0x00007FFB9B520000-0x00007FFB9B54E000-memory.dmp

Filesize
184KB

Download
memory/1336-174-0x00007FFB9B750000-0x00007FFB9BBB5000-memory.dmp

Filesize
4.4MB

Download
memory/1336-175-0x00007FFB9B0C0000-0x00007FFB9B0D4000-memory.dmp

Filesize
80KB

Download
memory/1336-176-0x00007FFBAF720000-0x00007FFBAF730000-memory.dmp

Filesize
64KB

Download
memory/1336-177-0x00007FFB9B0A0000-0x00007FFB9B0B4000-memory.dmp

Filesize
80KB

Download
memory/1336-178-0x00007FFB9B080000-0x00007FFB9B095000-memory.dmp

Filesize
84KB

Download
memory/1336-183-0x00007FFB9AF60000-0x00007FFB9B078000-memory.dmp

Filesize
1.1MB

Download
memory/1336-127-0x00007FFBAF220000-0x00007FFBAF244000-memory.dmp

Filesize
144KB

Download
memory/1336-140-0x00007FFBAF8E0000-0x00007FFBAF8EF000-memory.dmp

Filesize
60KB

Download
memory/1336-150-0x00007FFB9B730000-0x00007FFB9B749000-memory.dmp

Filesize
100KB

Download
memory/1336-152-0x00007FFBAF780000-0x00007FFBAF78D000-memory.dmp

Filesize
52KB

Download
memory/1336-156-0x00007FFB9B6E0000-0x00007FFB9B70C000-memory.dmp

Filesize
176KB

Download
memory/1336-155-0x00007FFB9B710000-0x00007FFB9B729000-memory.dmp

Filesize
100KB

Download
memory/1336-158-0x00007FFB9B6C0000-0x00007FFB9B6DE000-memory.dmp

Filesize
120KB

Download
memory/1336-160-0x00007FFB9B550000-0x00007FFB9B6BD000-memory.dmp

Filesize
1.4MB

Download
memory/1336-166-0x00007FFB9B460000-0x00007FFB9B516000-memory.dmp

Filesize
728KB

Download
memory/1336-167-0x00007FFB9B0E0000-0x00007FFB9B454000-memory.dmp

Filesize
3.5MB

Download
memory/1336-179-0x00007FFBAF220000-0x00007FFBAF244000-memory.dmp

Filesize
144KB

Download
memory/1336-184-0x00007FFB9AF30000-0x00007FFB9AF52000-memory.dmp

Filesize
136KB

Download
memory/1404-831-0x00007FFB9F920000-0x00007FFB9F94E000-memory.dmp

Filesize
184KB

Download
memory/1404-825-0x00007FFB9F690000-0x00007FFB9F6B2000-memory.dmp

Filesize
136KB

Download
memory/1404-816-0x00007FFBA08F0000-0x00007FFBA0904000-memory.dmp

Filesize
80KB

Download
memory/1404-818-0x00007FFB9BDC0000-0x00007FFB9C225000-memory.dmp

Filesize
4.4MB

Download
memory/1404-830-0x00007FFB9DD10000-0x00007FFB9DE7D000-memory.dmp

Filesize
1.4MB

Download
memory/1404-824-0x00007FFBAF250000-0x00007FFBAF269000-memory.dmp

Filesize
100KB

Download
memory/1404-823-0x000001DCDC7D0000-0x000001DCDC8E8000-memory.dmp

Filesize
1.1MB

Download
memory/1404-822-0x00007FFBB3D30000-0x00007FFBB3D3F000-memory.dmp

Filesize
60KB

Download
memory/1404-821-0x00007FFBAF7E0000-0x00007FFBAF804000-memory.dmp

Filesize
144KB

Download
memory/1404-817-0x00007FFBAF780000-0x00007FFBAF790000-memory.dmp

Filesize
64KB

Download
memory/1404-826-0x00007FFB9E860000-0x00007FFB9E877000-memory.dmp

Filesize
92KB

Download
memory/1404-814-0x00007FFB9AEE0000-0x00007FFB9AF96000-memory.dmp

Filesize
728KB

Download
memory/1404-827-0x00007FFBAF210000-0x00007FFBAF22E000-memory.dmp

Filesize
120KB

Download
memory/1404-829-0x00007FFB9DCA0000-0x00007FFB9DCE9000-memory.dmp

Filesize
292KB

Download
memory/1404-819-0x00007FFB9F900000-0x00007FFB9F914000-memory.dmp

Filesize
80KB

Download
memory/1404-820-0x00007FFB9F6C0000-0x00007FFB9F6D5000-memory.dmp

Filesize
84KB

Download
memory/1404-828-0x00007FFB9DCF0000-0x00007FFB9DD09000-memory.dmp

Filesize
100KB

Download
memory/1404-815-0x00007FFB9AB60000-0x00007FFB9AED4000-memory.dmp

Filesize
3.5MB

Download
memory/1404-813-0x00007FFB9F920000-0x00007FFB9F94E000-memory.dmp

Filesize
184KB

Download
memory/1404-810-0x00007FFBAECB0000-0x00007FFBAECDC000-memory.dmp

Filesize
176KB

Download
memory/1404-811-0x00007FFBAF210000-0x00007FFBAF22E000-memory.dmp

Filesize
120KB

Download
memory/1404-812-0x00007FFB9DD10000-0x00007FFB9DE7D000-memory.dmp

Filesize
1.4MB

Download
memory/1404-809-0x00007FFBAF230000-0x00007FFBAF249000-memory.dmp

Filesize
100KB

Download
memory/1404-808-0x00007FFBAF7B0000-0x00007FFBAF7BD000-memory.dmp

Filesize
52KB

Download
memory/1404-807-0x00007FFBAF250000-0x00007FFBAF269000-memory.dmp

Filesize
100KB

Download
memory/1404-805-0x00007FFBAF7E0000-0x00007FFBAF804000-memory.dmp

Filesize
144KB

Download
memory/1404-806-0x00007FFBB3D30000-0x00007FFBB3D3F000-memory.dmp

Filesize
60KB

Download
memory/1404-804-0x00007FFB9BDC0000-0x00007FFB9C225000-memory.dmp

Filesize
4.4MB

Download
memory/3060-273-0x000001C67A370000-0x000001C67A392000-memory.dmp

Filesize
136KB

Download