lumma | hxxps://github[.]com/Imran407704/roblox-executor

Analysis

max time kernel
600s
max time network
609s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Imran407704/roblox-executor

Score

10^/10

lumma pyinstaller stealer upx

Malware Config

Extracted

Family

lumma

https://groundsmooors.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Executes dropped EXE 16 IoCs

Processes:

Setup.exeSetup.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exe

pid	process
1168	Setup.exe
4384	Setup.exe
1744	ElectronV3.exe
2880	ElectronV3.exe
4444	ElectronV3.exe
5360	ElectronV3.exe
4008	ElectronV3.exe
4584	ElectronV3.exe
208	ElectronV3.exe
4664	ElectronV3.exe
5992	ElectronV3.exe
5244	ElectronV3.exe
5416	ElectronV3.exe
4876	ElectronV3.exe
1740	ElectronV3.exe
4068	ElectronV3.exe

Loads dropped DLL 64 IoCs

Processes:

ElectronV3.exeElectronV3.exeElectronV3.exeElectronV3.exe

pid	process
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
2880	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
208	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
208	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
4008	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
5992	ElectronV3.exe
5992	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
4008	ElectronV3.exe
208	ElectronV3.exe
208	ElectronV3.exe
4008	ElectronV3.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI17442\python310.dll	upx
behavioral1/memory/2880-86-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_ctypes.pyd	upx
behavioral1/memory/2880-93-0x00007FFEC48F0000-0x00007FFEC4914000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\sqlite3.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_decimal.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_uuid.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_ssl.pyd	upx
behavioral1/memory/2880-115-0x00007FFEC48E0000-0x00007FFEC48EF000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_sqlite3.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_queue.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_overlapped.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_multiprocessing.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_lzma.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_hashlib.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_cffi_backend.cp310-win_amd64.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_bz2.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_asyncio.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\unicodedata.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\pyexpat.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\libssl-1_1.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\libcrypto-1_1.dll	upx
behavioral1/memory/2880-117-0x00007FFEBD160000-0x00007FFEBD179000-memory.dmp	upx
behavioral1/memory/2880-119-0x00007FFEBD460000-0x00007FFEBD46D000-memory.dmp	upx
behavioral1/memory/2880-121-0x00007FFEBD110000-0x00007FFEBD129000-memory.dmp	upx
behavioral1/memory/2880-123-0x00007FFEBD0E0000-0x00007FFEBD10C000-memory.dmp	upx
behavioral1/memory/2880-125-0x00007FFEBD0C0000-0x00007FFEBD0DE000-memory.dmp	upx
behavioral1/memory/2880-127-0x00007FFEAC480000-0x00007FFEAC5ED000-memory.dmp	upx
behavioral1/memory/2880-129-0x00007FFEBD090000-0x00007FFEBD0BE000-memory.dmp	upx
behavioral1/memory/2880-134-0x00007FFEBCD50000-0x00007FFEBCE06000-memory.dmp	upx
behavioral1/memory/2880-132-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp	upx
behavioral1/memory/2880-136-0x00007FFEC48F0000-0x00007FFEC4914000-memory.dmp	upx
behavioral1/memory/2880-135-0x00007FFEAB8E0000-0x00007FFEABC54000-memory.dmp	upx
behavioral1/memory/2880-139-0x00007FFEBCBA0000-0x00007FFEBCBB4000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\multidict\_multidict.cp310-win_amd64.pyd	upx
behavioral1/memory/2880-143-0x00007FFEBD430000-0x00007FFEBD440000-memory.dmp	upx
behavioral1/memory/2880-142-0x00007FFEBD160000-0x00007FFEBD179000-memory.dmp	upx
behavioral1/memory/2880-146-0x00007FFEBCB80000-0x00007FFEBCB94000-memory.dmp	upx
behavioral1/memory/2880-148-0x00007FFEBCB60000-0x00007FFEBCB75000-memory.dmp	upx
behavioral1/memory/2880-147-0x00007FFEBD110000-0x00007FFEBD129000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\yarl\_quoting_c.cp310-win_amd64.pyd	upx
behavioral1/memory/2880-155-0x00007FFEBCB30000-0x00007FFEBCB52000-memory.dmp	upx
behavioral1/memory/2880-154-0x00007FFEBD0C0000-0x00007FFEBD0DE000-memory.dmp	upx
behavioral1/memory/2880-151-0x00007FFEAB7C0000-0x00007FFEAB8D8000-memory.dmp	upx
behavioral1/memory/2880-150-0x00007FFEBD0E0000-0x00007FFEBD10C000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_helpers.cp310-win_amd64.pyd	upx
behavioral1/memory/2880-167-0x00007FFEB7830000-0x00007FFEB7879000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_websocket.cp310-win_amd64.pyd	upx
behavioral1/memory/2880-166-0x00007FFEBCD50000-0x00007FFEBCE06000-memory.dmp	upx
behavioral1/memory/2880-173-0x00007FFEBD400000-0x00007FFEBD40A000-memory.dmp	upx
behavioral1/memory/2880-172-0x00007FFEBCA10000-0x00007FFEBCA21000-memory.dmp	upx
behavioral1/memory/2880-174-0x00007FFEBCBA0000-0x00007FFEBCBB4000-memory.dmp	upx
behavioral1/memory/2880-175-0x00007FFEBC9F0000-0x00007FFEBCA0E000-memory.dmp	upx
behavioral1/memory/2880-171-0x00007FFEAB8E0000-0x00007FFEABC54000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_http_parser.cp310-win_amd64.pyd	upx
behavioral1/memory/2880-163-0x00007FFEBD090000-0x00007FFEBD0BE000-memory.dmp	upx
behavioral1/memory/2880-176-0x00007FFEAA580000-0x00007FFEAAC72000-memory.dmp	upx
behavioral1/memory/2880-162-0x00007FFEBCA50000-0x00007FFEBCA69000-memory.dmp	upx
behavioral1/memory/2880-161-0x00007FFEBCB10000-0x00007FFEBCB27000-memory.dmp	upx
behavioral1/memory/2880-160-0x00007FFEAC480000-0x00007FFEAC5ED000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_http_writer.cp310-win_amd64.pyd	upx

Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

1211 api.ipify.org
1212 api.ipify.org
1216 api.ipify.org
Suspicious use of SetThreadContext 2 IoCs

Processes:

Setup.exeSetup.exe

description pid process target process

PID 1168 set thread context of 4512 1168 Setup.exe RegAsm.exe
PID 4384 set thread context of 3676 4384 Setup.exe RegAsm.exe

flow	ioc
1211	api.ipify.org
1212	api.ipify.org
1216	api.ipify.org

description	pid	process	target process
PID 1168 set thread context of 4512	1168	Setup.exe	RegAsm.exe
PID 4384 set thread context of 3676	4384	Setup.exe	RegAsm.exe

Drops file in Program Files directory 5 IoCs

Processes:

msedge.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\Electron V3\ElectronV3.exe	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\Electron V3\scripts\Inf Yield.txt	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\Electron V3\workspace\IY_FE.iy	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\Electron V3\bin\agree.txt	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\Electron V3\bin\version.txt	msedge.exe

Detects Pyinstaller 1 IoCs
pyinstaller

Processes:

resource yara_rule

C:\Users\Admin\AppData\Local\Temp\7zO0A1833FD\ElectronV3.exe pyinstaller
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

772 1168 WerFault.exe Setup.exe
3264 4384 WerFault.exe Setup.exe
Detects videocard installed 1 TTPs 2 IoCs
Uses WMIC.exe to determine videocard installed.

System Information Discovery
T1082

Processes:

WMIC.exeWMIC.exe

pid process

1832 WMIC.exe
4408 WMIC.exe
Enumerates processes with tasklist 1 TTPs 4 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exe

pid process

5752 tasklist.exe
1532 tasklist.exe
5480 tasklist.exe
4316 tasklist.exe

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7zO0A1833FD\ElectronV3.exe	pyinstaller

pid	pid_target	process	target process
772	1168	WerFault.exe	Setup.exe
3264	4384	WerFault.exe	Setup.exe

pid	process
1832	WMIC.exe
4408	WMIC.exe

pid	process
5752	tasklist.exe
1532	tasklist.exe
5480	tasklist.exe
4316	tasklist.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{3DDF3082-F6E8-4C27-BFA4-96E417938B3E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

7zFM.exe7zFM.exe

pid	process
4804	7zFM.exe
4804	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe
4512	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

7zFM.exe7zFM.exe

pid process

4804 7zFM.exe
4512 7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exe7zFM.exeWMIC.exeWMIC.exetasklist.exe

description	pid	process
Token: SeRestorePrivilege	4804	7zFM.exe
Token: 35	4804	7zFM.exe
Token: SeSecurityPrivilege	4804	7zFM.exe
Token: SeSecurityPrivilege	4804	7zFM.exe
Token: SeRestorePrivilege	4512	7zFM.exe
Token: 35	4512	7zFM.exe
Token: SeSecurityPrivilege	4512	7zFM.exe
Token: SeIncreaseQuotaPrivilege	5456	WMIC.exe
Token: SeSecurityPrivilege	5456	WMIC.exe
Token: SeTakeOwnershipPrivilege	5456	WMIC.exe
Token: SeLoadDriverPrivilege	5456	WMIC.exe
Token: SeSystemProfilePrivilege	5456	WMIC.exe
Token: SeSystemtimePrivilege	5456	WMIC.exe
Token: SeProfSingleProcessPrivilege	5456	WMIC.exe
Token: SeIncBasePriorityPrivilege	5456	WMIC.exe
Token: SeCreatePagefilePrivilege	5456	WMIC.exe
Token: SeBackupPrivilege	5456	WMIC.exe
Token: SeRestorePrivilege	5456	WMIC.exe
Token: SeShutdownPrivilege	5456	WMIC.exe
Token: SeDebugPrivilege	5456	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5456	WMIC.exe
Token: SeRemoteShutdownPrivilege	5456	WMIC.exe
Token: SeUndockPrivilege	5456	WMIC.exe
Token: SeManageVolumePrivilege	5456	WMIC.exe
Token: 33	5456	WMIC.exe
Token: 34	5456	WMIC.exe
Token: 35	5456	WMIC.exe
Token: 36	5456	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4408	WMIC.exe
Token: SeSecurityPrivilege	4408	WMIC.exe
Token: SeTakeOwnershipPrivilege	4408	WMIC.exe
Token: SeLoadDriverPrivilege	4408	WMIC.exe
Token: SeSystemProfilePrivilege	4408	WMIC.exe
Token: SeSystemtimePrivilege	4408	WMIC.exe
Token: SeProfSingleProcessPrivilege	4408	WMIC.exe
Token: SeIncBasePriorityPrivilege	4408	WMIC.exe
Token: SeCreatePagefilePrivilege	4408	WMIC.exe
Token: SeBackupPrivilege	4408	WMIC.exe
Token: SeRestorePrivilege	4408	WMIC.exe
Token: SeShutdownPrivilege	4408	WMIC.exe
Token: SeDebugPrivilege	4408	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4408	WMIC.exe
Token: SeRemoteShutdownPrivilege	4408	WMIC.exe
Token: SeUndockPrivilege	4408	WMIC.exe
Token: SeManageVolumePrivilege	4408	WMIC.exe
Token: 33	4408	WMIC.exe
Token: 34	4408	WMIC.exe
Token: 35	4408	WMIC.exe
Token: 36	4408	WMIC.exe
Token: SeDebugPrivilege	5752	tasklist.exe
Token: SeIncreaseQuotaPrivilege	5456	WMIC.exe
Token: SeSecurityPrivilege	5456	WMIC.exe
Token: SeTakeOwnershipPrivilege	5456	WMIC.exe
Token: SeLoadDriverPrivilege	5456	WMIC.exe
Token: SeSystemProfilePrivilege	5456	WMIC.exe
Token: SeSystemtimePrivilege	5456	WMIC.exe
Token: SeProfSingleProcessPrivilege	5456	WMIC.exe
Token: SeIncBasePriorityPrivilege	5456	WMIC.exe
Token: SeCreatePagefilePrivilege	5456	WMIC.exe
Token: SeBackupPrivilege	5456	WMIC.exe
Token: SeRestorePrivilege	5456	WMIC.exe
Token: SeShutdownPrivilege	5456	WMIC.exe
Token: SeDebugPrivilege	5456	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5456	WMIC.exe

Suspicious use of FindShellTrayWindow 12 IoCs

Processes:

7zFM.exe7zFM.exe

pid process

4804 7zFM.exe
4804 7zFM.exe
4804 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
4512 7zFM.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

winrar-x64-701.exewinrar-x64-701.exe

pid process

264 winrar-x64-701.exe
264 winrar-x64-701.exe
264 winrar-x64-701.exe
4772 winrar-x64-701.exe
4772 winrar-x64-701.exe
4772 winrar-x64-701.exe

pid	process
264	winrar-x64-701.exe
264	winrar-x64-701.exe
264	winrar-x64-701.exe
4772	winrar-x64-701.exe
4772	winrar-x64-701.exe
4772	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7zFM.exeSetup.exeSetup.exe7zFM.exeElectronV3.exeElectronV3.execmd.execmd.execmd.execmd.execmd.execmd.exeElectronV3.exeElectronV3.exe

description	pid	process	target process
PID 4804 wrote to memory of 1168	4804	7zFM.exe	Setup.exe
PID 4804 wrote to memory of 1168	4804	7zFM.exe	Setup.exe
PID 4804 wrote to memory of 1168	4804	7zFM.exe	Setup.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 1168 wrote to memory of 4512	1168	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4384 wrote to memory of 3676	4384	Setup.exe	RegAsm.exe
PID 4512 wrote to memory of 1744	4512	7zFM.exe	ElectronV3.exe
PID 4512 wrote to memory of 1744	4512	7zFM.exe	ElectronV3.exe
PID 1744 wrote to memory of 2880	1744	ElectronV3.exe	ElectronV3.exe
PID 1744 wrote to memory of 2880	1744	ElectronV3.exe	ElectronV3.exe
PID 2880 wrote to memory of 5256	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 5256	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 2948	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 2948	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 1764	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 1764	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 4456	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 4456	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 1864	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 1864	2880	ElectronV3.exe	cmd.exe
PID 1764 wrote to memory of 5456	1764	cmd.exe	WMIC.exe
PID 1764 wrote to memory of 5456	1764	cmd.exe	WMIC.exe
PID 2948 wrote to memory of 4408	2948	cmd.exe	WMIC.exe
PID 2948 wrote to memory of 4408	2948	cmd.exe	WMIC.exe
PID 1864 wrote to memory of 5752	1864	cmd.exe	tasklist.exe
PID 1864 wrote to memory of 5752	1864	cmd.exe	tasklist.exe
PID 2880 wrote to memory of 5944	2880	ElectronV3.exe	svchost.exe
PID 2880 wrote to memory of 5944	2880	ElectronV3.exe	svchost.exe
PID 5944 wrote to memory of 692	5944	cmd.exe	WMIC.exe
PID 5944 wrote to memory of 692	5944	cmd.exe	WMIC.exe
PID 2880 wrote to memory of 4796	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 4796	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 3708	2880	ElectronV3.exe	cmd.exe
PID 2880 wrote to memory of 3708	2880	ElectronV3.exe	cmd.exe
PID 4796 wrote to memory of 4836	4796	cmd.exe	WMIC.exe
PID 4796 wrote to memory of 4836	4796	cmd.exe	WMIC.exe
PID 3708 wrote to memory of 1532	3708	cmd.exe	tasklist.exe
PID 3708 wrote to memory of 1532	3708	cmd.exe	tasklist.exe
PID 4512 wrote to memory of 4444	4512	7zFM.exe	ElectronV3.exe
PID 4512 wrote to memory of 4444	4512	7zFM.exe	ElectronV3.exe
PID 4512 wrote to memory of 5360	4512	7zFM.exe	ElectronV3.exe
PID 4512 wrote to memory of 5360	4512	7zFM.exe	ElectronV3.exe
PID 4444 wrote to memory of 4008	4444	ElectronV3.exe	ElectronV3.exe
PID 4444 wrote to memory of 4008	4444	ElectronV3.exe	ElectronV3.exe
PID 4512 wrote to memory of 4584	4512	7zFM.exe	ElectronV3.exe
PID 4512 wrote to memory of 4584	4512	7zFM.exe	ElectronV3.exe
PID 5360 wrote to memory of 208	5360	ElectronV3.exe	ElectronV3.exe
PID 5360 wrote to memory of 208	5360	ElectronV3.exe	ElectronV3.exe
PID 4512 wrote to memory of 4664	4512	7zFM.exe	ElectronV3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Imran407704/roblox-executor
1⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1728 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5088 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5896 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5996 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4752 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6048 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6076 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3408 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4756 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:264

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Setup_.password_1234.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4804

C:\Users\Admin\AppData\Local\Temp\7zO4C22F2D8\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4C22F2D8\Setup.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1168

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 644
3⤵
- Program crash
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5280 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1168 -ip 1168
1⤵
PID:3644

C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 620
2⤵
- Program crash
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4384 -ip 4384
1⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5748 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=5708 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5668 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6800 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5904 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=5704 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6868 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6844 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
- Modifies registry class
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6548 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=7356 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=7472 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=7224 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=6944 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=7192 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=7184 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6064 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8432 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:2216

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=7784 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=6724 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=7628 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=7404 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4816

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x300
1⤵
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=5508 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=7608 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=6436 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=6600 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=7008 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1844

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5c6a54c4237d4c2aa2dc6fef89a01fe9 /t 4820 /p 264
1⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=6948 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=7588 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=8248 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1192

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --mojo-platform-channel-handle=6624 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=6992 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=7532 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=7712 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=8476 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=8600 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=8848 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=9016 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=8792 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=9092 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=9420 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=9580 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=9724 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --mojo-platform-channel-handle=9888 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=9688 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=9232 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=8648 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --mojo-platform-channel-handle=10020 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=9876 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6600 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=7700 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=6416 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=6412 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=6536 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=4816 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=6972 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=7056 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=4180 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=6352 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=3752 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=8308 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --mojo-platform-channel-handle=9844 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=9832 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
- Drops file in Program Files directory
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6432 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:3456

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Electron V3.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4512

C:\Users\Admin\AppData\Local\Temp\7zO0A1833FD\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A1833FD\ElectronV3.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1744

C:\Users\Admin\AppData\Local\Temp\7zO0A1833FD\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A1833FD\ElectronV3.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
4⤵
PID:5256

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
4⤵
- Suspicious use of WriteProcessMemory
PID:2948

C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
5⤵
- Detects videocard installed
- Suspicious use of AdjustPrivilegeToken
PID:4408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
4⤵
- Suspicious use of WriteProcessMemory
PID:1764

C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get Manufacturer
5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "gdb --version"
4⤵
PID:4456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
4⤵
- Suspicious use of WriteProcessMemory
PID:1864

C:\Windows\system32\tasklist.exe
tasklist
5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
4⤵
- Suspicious use of WriteProcessMemory
PID:5944

C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get Manufacturer
5⤵
PID:692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
4⤵
- Suspicious use of WriteProcessMemory
PID:4796

C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
5⤵
PID:4836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
4⤵
- Suspicious use of WriteProcessMemory
PID:3708

C:\Windows\system32\tasklist.exe
tasklist
5⤵
- Enumerates processes with tasklist
PID:1532

C:\Users\Admin\AppData\Local\Temp\7zO0A1EC52E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A1EC52E\ElectronV3.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4444

C:\Users\Admin\AppData\Local\Temp\7zO0A1EC52E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A1EC52E\ElectronV3.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
4⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\7zO0A102B3E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A102B3E\ElectronV3.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5360

C:\Users\Admin\AppData\Local\Temp\7zO0A102B3E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A102B3E\ElectronV3.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:208

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
4⤵
PID:3608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
4⤵
PID:1728

C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
5⤵
- Detects videocard installed
PID:1832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
4⤵
PID:4752

C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get Manufacturer
5⤵
PID:1652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "gdb --version"
4⤵
PID:1836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
4⤵
PID:1796

C:\Windows\system32\tasklist.exe
tasklist
5⤵
- Enumerates processes with tasklist
PID:5480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
4⤵
PID:1516

C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_ComputerSystem get Manufacturer
5⤵
PID:1600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
4⤵
PID:2232

C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
5⤵
PID:5552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
4⤵
PID:4940

C:\Windows\system32\tasklist.exe
tasklist
5⤵
- Enumerates processes with tasklist
PID:4316

C:\Users\Admin\AppData\Local\Temp\7zO0A129E3E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A129E3E\ElectronV3.exe"
2⤵
- Executes dropped EXE
PID:4584

C:\Users\Admin\AppData\Local\Temp\7zO0A129E3E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A129E3E\ElectronV3.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
4⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\7zO0A14DC3E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A14DC3E\ElectronV3.exe"
2⤵
- Executes dropped EXE
PID:4664

C:\Users\Admin\AppData\Local\Temp\7zO0A14DC3E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A14DC3E\ElectronV3.exe"
3⤵
- Executes dropped EXE
PID:5416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
4⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\7zO0A1A103E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A1A103E\ElectronV3.exe"
2⤵
- Executes dropped EXE
PID:5244

C:\Users\Admin\AppData\Local\Temp\7zO0A1A103E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A1A103E\ElectronV3.exe"
3⤵
- Executes dropped EXE
PID:1740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
4⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\7zO0A19373E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A19373E\ElectronV3.exe"
2⤵
- Executes dropped EXE
PID:4876

C:\Users\Admin\AppData\Local\Temp\7zO0A19373E\ElectronV3.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0A19373E\ElectronV3.exe"
3⤵
- Executes dropped EXE
PID:4068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
4⤵
PID:5720

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\99a5870de0e8445596f2394e7a617a31 /t 5024 /p 4772
1⤵
PID:2368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=7208 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=7028 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=6092 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=8684 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=8248 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --mojo-platform-channel-handle=6420 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --mojo-platform-channel-handle=8384 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --mojo-platform-channel-handle=9508 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --mojo-platform-channel-handle=7716 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --mojo-platform-channel-handle=8872 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --mojo-platform-channel-handle=7668 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --mojo-platform-channel-handle=6784 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --mojo-platform-channel-handle=8576 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --mojo-platform-channel-handle=9872 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --mojo-platform-channel-handle=9232 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --mojo-platform-channel-handle=10016 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --mojo-platform-channel-handle=8832 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --mojo-platform-channel-handle=9048 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --mojo-platform-channel-handle=10368 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --mojo-platform-channel-handle=10544 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
1⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=8412 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:6852

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zO0A1833FD\ElectronV3.exe
Filesize
24.3MB

MD5
dc4daa4ae573a0874b032175c62e8a2f

SHA1
3fb4726a801433670895c26535a38fd85861d6fa

SHA256
eacf7306a01a58e9db080609a688b293b1e4e3899524e335ca846ce3691e022e

SHA512
e045e5d1ea75e4c7a81f0abe68e472f9a8912f2bc9ae28de74a872c5221e4516a74060de1118dfe18b06749cb231ef35f63a17a52f7cf4e3499568b3c32d630d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4C22F2D8\Setup.exe
Filesize
951KB

MD5
e86d9ad8b70cdb49b54bcd969b724d19

SHA1
966b40f9c5493d356bea4d16c5e90728c9e8cee2

SHA256
3bf3a7653abce050a672207777f823b5bfee766a18a597ae8a63184323980e85

SHA512
d096adbf6f6fe1d8bfd660509c1905a6c17be7bbb460058130db0e500ee617a7424b1cf101dc03a52dee2f9c0c8a52aadd256469d32f351d352f3715928044bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\VCRUNTIME140.dll
Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_asyncio.pyd
Filesize
31KB

MD5
480d3f4496e16d54bb5313d206164134

SHA1
3db3a9f21be88e0b759855bf4f937d0bbfdf1734

SHA256
568fb5c3d9b170ce1081ad12818b9a12f44ab1577449425a3ef30c2efbee613d

SHA512
8e887e8de9c31dbb6d0a85b4d6d4157e917707e63ce5f119bb4b03cb28d41af90d087e3843f3a4c2509bca70cdac3941e00b8a5144ade8532a97166a5d0a7bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_bz2.pyd
Filesize
43KB

MD5
39b487c3e69816bd473e93653dbd9b7f

SHA1
bdce6fde092a3f421193ddb65df893c40542a4e2

SHA256
a1629c455be2cf55e36021704716f4b16a96330fe993aae9e818f67c4026fcdc

SHA512
7543c1555e8897d15c952b89427e7d06c32e250223e85fafae570f8a0fa13c39fb6fc322d043324a31b2f2f08d2f36e0da59dfd741d09c035d0429173b6badc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_cffi_backend.cp310-win_amd64.pyd
Filesize
71KB

MD5
641e49ce0c4fa963d347fbf915aabdbe

SHA1
1351f6c4ac5dcda7e3ffbf3d5e355b4bb864eb10

SHA256
1c795df278c7f64be8e6973f8dbf1a625997cb39ae2dcb5bee0ca4c1b90c8906

SHA512
766b9adb5143e89d663177c2fb0e951afb84c0a43ec690ae2c477ee0bbe036df6f4161a6012430d42e4913fd5fbe7e49af6d13ac7c62d042a484861fc5a04616

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_ctypes.pyd
Filesize
53KB

MD5
b1f12f4bfc0bd49a6646a0786bc5bc00

SHA1
acb7d8c665bb8ca93e5f21e178870e3d141d7cbc

SHA256
1fe61645ed626fc1dec56b2e90e8e551066a7ff86edbd67b41cb92211358f3d7

SHA512
a3fb041bd122638873c395b95f1a541007123f271572a8a988c9d01d2b2d7bb20d70e1d97fc3abffd28cb704990b41d8984974c344faea98dd0c6b07472b5731

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_decimal.pyd
Filesize
101KB

MD5
b7f498da5aec35140a6d928a8f792911

SHA1
95ab794a2d4cb8074a23d84b10cd62f7d12a4cd0

SHA256
b15f0dc3ce6955336162c9428077dcedfa1c52e60296251521819f3239c26ee8

SHA512
5fcb2d5325a6a4b7aff047091957ba7f13de548c5330f0149682d44140ac0af06837465871c598db71830fd3b2958220f80ae8744ef16fdb7336b3d6a5039e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_hashlib.pyd
Filesize
30KB

MD5
31dfa2caaee02cc38adf4897b192d6d1

SHA1
9be57a9bad1cb420675f5b9e04c48b76d18f4a19

SHA256
dc045ac7d4bde60b0f122d307fcd2bbaf5e1261a280c4fb67cfc43de5c0c2a0f

SHA512
3e58c083e1e3201a9fbbf6a4fcbc2b0273cf22badabab8701b10b3f8fdd20b11758cdcfead557420393948434e340aad751a4c7aa740097ab29d1773ea3a0100

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_lzma.pyd
Filesize
81KB

MD5
95badb08cd77e563c9753fadc39a34dd

SHA1
b3c3dfe64e89b5e7afb5f064bbf9d8d458f626a0

SHA256
5545627b465d780b6107680922ef44144a22939dd406deae44858b79747e301a

SHA512
eb36934b73f36ba2162e75f0866435f57088777dc40379f766366c26d40f185de5be3da55d17f5b82cb498025d8d90bc16152900502eb7f5de88bbef84ace2cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_multiprocessing.pyd
Filesize
22KB

MD5
28f6fcc0b7bb10a45ff1370c9e1b9561

SHA1
c7669f406b5ec2306a402e872dec17380219907a

SHA256
6dd33d49554ee61490725ea2c9129c15544791ab7a65fb523cc9b4f88d38744b

SHA512
2aef40344e80c3518afc07bf6ad4c96c4fff44434f8307e2efa544290d59504d7b014d7ea94af0377e342a632d6c4c74bfdf16d26f92ccc7062be618ea4dbee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_overlapped.pyd
Filesize
27KB

MD5
745706ab482fe9c9f92383292f121072

SHA1
439f00978795d0845aceaf007fd76ff5947567fd

SHA256
4d98e7d1b74bd209f8c66e1a276f60b470f6a5d6f519f76a91eb75be157a903d

SHA512
52fe3dfc45c380dfb1d9b6e453bdffcd92d57ad7b7312d0b9a86a76d437c512a17da33822f8e81760710d8ff4fd6a4b702d2abfffc600c9350d4d463451d38d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_queue.pyd
Filesize
21KB

MD5
18b8b2b0aefcee9527299c464b7f6d3d

SHA1
a565216faee2534bbda5b3f65aeb2eef5fd9bcda

SHA256
6f334fa1474116dd499a125f3b5ca4cd698039446faf50340f9a3f7af3adb8c2

SHA512
0b56e9d89f4dd3da830954b6561c49c06775854e0b27bc2b07ea8e9c79829d66dae186b95209c8c4cc7c3a7ba6b03cdf134b2e0036cea929e61d755d4709abcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_socket.pyd
Filesize
38KB

MD5
f675cf3cdd836cacfab9c89ab9f97108

SHA1
3e077bf518f7a4cb30ea4607338cff025d4d476e

SHA256
bb82a23d8dc6bf4c9aeb91d3f3bef069276ae3b14eeca100b988b85dd21e2dd3

SHA512
e2344b5f59bd0fad3570977edf0505aa2e05618e66d07c9f93b163fc151c4e1d6fbc0e25b7c989505c1270f8cd4840c6120a73a7ad64591ee3c4fb282375465e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_sqlite3.pyd
Filesize
45KB

MD5
1dbec8753e5cd062cd71a8bb294f28f9

SHA1
c32e9b577f588408a732047863e04a1db6ca231e

SHA256
6d95d41a36b5c9e3a895eff91149978aa383b6a8617d542accef2080737c3cad

SHA512
a1c95dbb1a9e2ffbcc9422f53780b35fbc77cb56ac3562afb8753161a233e5efa8da8ad67f5bde5a094beb8331d9dab5c3d5e673a8d09fd6d0383a8a6ffda087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_ssl.pyd
Filesize
57KB

MD5
2edf5c4e534a45966a68033e7395f40d

SHA1
478ef27474eec0fd966d1663d2397e8fb47fec17

SHA256
7abc2b326f5b7c3011827eb7a5a4d896cc6b2619246826519b3f57d2bb99d3bd

SHA512
f83b698cfe702a15eb0267f254c593b90fa155ad2aefe75e5ba0ee5d4f38976882796cba2a027b42a910f244360177ac809891d505b3d0ae9276156b64850b6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\_uuid.pyd
Filesize
18KB

MD5
b3e7fc44f12d2db5bad6922e0b1d927f

SHA1
3fe8ef4b6fb0bc590a1c0c0f5710453e8e340f8f

SHA256
6b93290a74fb288489405044a7dee7cca7c25fa854be9112427930dd739ebace

SHA512
a0465a38aaac2d501e9a12a67d5d71c9eeeb425f535c473fc27ac13c2bb307641cc3cef540472f916e341d7bada80a84b99d78850d94c95ee14139f8540d0c42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_helpers.cp310-win_amd64.pyd
Filesize
26KB

MD5
9957581b89a8a0c1fa8f10ed03faf862

SHA1
8a38fede27a2990d5ce9aa1e3664aa5617da1f32

SHA256
fbb576e7c8b4a96fa41dc629a336650a4362e61092423e977596c266dc23983f

SHA512
195566707019c8efdd8a11ebf3dfe30cf67f6d62cb2ca103d98a4ffca8574cc5df6d83b78ad891f369ea4318d1e7fc9466b1c17fb9cfea61a16960e9a2b26dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_http_parser.cp310-win_amd64.pyd
Filesize
78KB

MD5
4c47cc586ff34eb1e8ff5304de05cbfa

SHA1
dea8568ac69a6d75a2ed0cb96228f113ed55f364

SHA256
5a1f5f3b5c813c03821377b5ba3c5b3139de8a69415736fb2d8a022ef7160b30

SHA512
41a90bec5258047e10ced50195abae182f560fd118742e86a340eda54ae3ff4f031805763366a7c4e7e0944669691271432b9b3edc0cdb3f2851d27bee5608c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_http_writer.cp310-win_amd64.pyd
Filesize
24KB

MD5
29e8136c3e5f76cad4920b6af598a750

SHA1
04150e81d15700592654999e18a9ab956c5694fb

SHA256
efbac999cb548957e7fe424b15a4edc98a8544689b87cd8159f26dc25224d83c

SHA512
e7fe7ba7e457321bcdb226202fcaffe0cb95582354a592240d3b776b9f5663a94e38f9cf4f450102a5423fb0d238a0cb02e44c49dcddad45dbcbb9b714541827

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\aiohttp\_websocket.cp310-win_amd64.pyd
Filesize
19KB

MD5
af4bb56d74abb4de5f9fb4b91e16a017

SHA1
f83fa1b0c60afd5f6ab5be9e456cc6670b99361c

SHA256
5ecc8c1abf0dd9bb2449001ada615661923cf33e61dec1afbbc25bb1a353b3a4

SHA512
e3d9b4f61486e1aa0da84cdc7d3f065ee247d67e08da2392cbbbce4fbafb3e026f65c9a2a024423ea853d9f6a22b7c8ee64e4c433a1633ea7250c88fcb4b0603

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\base_library.zip
Filesize
858KB

MD5
1ebb920a2696a11237f3e8e4af10d802

SHA1
f86a052e2dfa2df8884ebf80832814f920a820e6

SHA256
d0e26325e67b3db749a83698413c4c270d8b26cd7dbc607006bc526ee784d6df

SHA512
2cfa6746dcdf575f26267b359a8820a6f29d81967c62131463802b30db2e17c8f159a2cbc652f25bdfdfd7c5942d26a26f9e1df984f8560696153a3427e4fb47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\libcrypto-1_1.dll
Filesize
1.1MB

MD5
700f32459dca0f54c982cd1c1ddd6b8b

SHA1
2538711c091ac3f572cb0f13539a68df0f228f28

SHA256
1de22bd1a0154d49f48b3fab94fb1fb1abd8bfed37d18e79a86ecd7cdab893c9

SHA512
99de1f5cb78c83fc6af0a475fb556f1ac58a1ba734efc69d507bf5dc1b0535a401d901324be845d7a59db021f8967cf33a7b105b2ddcb2e02a39dc0311e7c36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\libffi-7.dll
Filesize
23KB

MD5
d50ebf567149ead9d88933561cb87d09

SHA1
171df40e4187ebbfdf9aa1d76a33f769fb8a35ed

SHA256
6aa8e12ce7c8ad52dd2e3fabeb38a726447849669c084ea63d8e322a193033af

SHA512
7bcc9d6d3a097333e1e4b2b23c81ea1b5db7dbdc5d9d62ebaffb0fdfb6cfe86161520ac14dc835d1939be22b9f342531f48da70f765a60b8e2c3d7b9983021de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\libssl-1_1.dll
Filesize
198KB

MD5
45498cefc9ead03a63c2822581cd11c6

SHA1
f96b6373237317e606b3715705a71db47e2cafad

SHA256
a84174a00dc98c98240ad5ee16c35e6ef932cebd5b8048ff418d3dd80f20deca

SHA512
4d3d8d33e7f3c2bf1cad3afbfba6ba53852d1314713ad60eeae1d51cc299a52b73da2c629273f9e0b7983ca01544c3645451cfa247911af4f81ca88a82cf6a80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\multidict\_multidict.cp310-win_amd64.pyd
Filesize
20KB

MD5
58a0ff76a0d7d3cd86ceb599d247c612

SHA1
af52bdb9556ef4b9d38cf0f0b9283494daa556a6

SHA256
2079d8be068f67fb2ece4fb3f5927c91c1c25edecb9d1c480829eb1cd21d7cc5

SHA512
e2d4f80cdeba2f5749a4d3de542e09866055d8aee1d308b96cb61bc53f4495c781e9b2559cc6a5f160be96b307539a8b6e06cabeffcc0ddb9ad4107dcacd8a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\pyexpat.pyd
Filesize
81KB

MD5
b4cf065f5e5b7a5bc2dd2b2e09bea305

SHA1
d289a500ffd399053767ee7339e48c161655b532

SHA256
9b5f407a2a1feaa76c6d3058a2f04c023b1c50b31d417bbfee69024098e4938b

SHA512
ddd9e216b11152d6a50481e06bb409335d36ce7fe63072aa0c7789c541593f2d7e8b4373be67a018c59f5e418e5a39a3ad729b732f11fa253f6275a64e125989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\python3.DLL
Filesize
60KB

MD5
a5471f05fd616b0f8e582211ea470a15

SHA1
cb5f8bf048dc4fc58f80bdfd2e04570dbef4730e

SHA256
8d5e09791b8b251676e16bdd66a7118d88b10b66ad80a87d5897fadbefb91790

SHA512
e87d06778201615b129dcf4e8b4059399128276eb87102b5c3a64b6e92714f6b0d5bde5df4413cc1b66d33a77d7a3912eaa1035f73565dbfd62280d09d46abff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\python310.dll
Filesize
1.4MB

MD5
90d5b8ba675bbb23f01048712813c746

SHA1
f2906160f9fc2fa719fea7d37e145156742ea8a7

SHA256
3a7d497d779ff13082835834a1512b0c11185dd499ab86be830858e7f8aaeb3e

SHA512
872c2bf56c3fe180d9b4fb835a92e1dc188822e9d9183aab34b305408bb82fba1ead04711e8ad2bef1534e86cd49f2445d728851206d7899c1a7a83e5a62058e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\select.pyd
Filesize
21KB

MD5
740424368fb6339d67941015e7ac4096

SHA1
64f3fab24f469a027ddfcf0329eca121f4164e45

SHA256
a389eae40188282c91e0cdf38c79819f475375860225b6963deb11623485b76d

SHA512
6d17dc3f294f245b4ca2eca8e62f4c070c7b8a5325349bc25ebaeea291a5a5ebd268bd1321c08755141aa58de0f985adc67335b4f83bc1aeec4b398d0f538e0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\sqlite3.dll
Filesize
605KB

MD5
7055e9008e847cb6015b1bb89f26c7ac

SHA1
c7c844cb46f8287a88bec3bd5d02647f5a07ae80

SHA256
2884d8e9007461ab6e8bbdd37c6bc4f6de472bbd52ec5b53e0a635075d86b871

SHA512
651b7b8c2518e4826d84c89be5052fd944f58f558c51cc905da181049850186d0a87fd2e05734fbe6a69618a6e48261a9fdd043ab17eb01620c6510e96d57008

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\unicodedata.pyd
Filesize
285KB

MD5
0c26e9925bea49d7cf03cfc371283a9b

SHA1
89290d3e43e18165cb07a7a4f99855b9e8466b21

SHA256
13c2ea04a1d40588536f1d7027c8d0ea228a9fb328ca720d6c53b96a8e1ae724

SHA512
6a3cd4b48f7c0087f4a1bdc1241df71d56bd90226759481f17f56baa1b991d1af0ba5798a2b7ba57d9ffa9ec03a12bfac81df2fba88765bd369435ff21a941e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17442\yarl\_quoting_c.cp310-win_amd64.pyd
Filesize
40KB

MD5
c14493cd3cc9b9b5f850b5fadcbe936e

SHA1
eddb260ff89bfa132a479fdf783c67098011fb85

SHA256
1782f3c12b3eb01716fcd59b0cd69c02c2fb888db4377f4d5fe00f07986be8e3

SHA512
0a7b85322b8fa566fb3d24b8e4021fb64433be06c3c4dbeb06d9633e4af0a5b76252fb2228de0abd818be5f4a18fffc712c727816632dd8c8585c9a9a7bf0fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\attrs-23.2.0.dist-info\METADATA
Filesize
9KB

MD5
e32d387a89f0114b8f9b9a809905299d

SHA1
a055c9fbf5416c83d5150d49ca16c58762b8b84a

SHA256
5b0bc6ece1f22a310fa72154642098b759f413f09ca9d45bedb96218475c9be0

SHA512
6eee3e19af46a79e2110678f8d3d15ea4b2eb1355d0fc9581da2c8e91d28926a2771394ea447e15cbc311a9dd9de2a20e2ac0e0abf9db6d4d51982199a12e881

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\attrs-23.2.0.dist-info\RECORD
Filesize
3KB

MD5
6c52aedcea3e17f16fecf785b40569bc

SHA1
542af34619af0f8ffe4d82ae97399aa81dee4b3c

SHA256
18df33cd1686d0a82caf42c65f8070d8af90d7b77452d7b3926aa69ddd0ad028

SHA512
661cb60c08597511ebcc0c2b7472203d67d725d2a23eba544743576f70612d86a30bd2a20bd3cbeb8c45cf5435a0c205d036ca3b4fdb8a1bf5476c939e0868a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\attrs-23.2.0.dist-info\WHEEL
Filesize
87B

MD5
c58f7d318baa542f6bfd220f837ab63f

SHA1
f655fc3c0eb1bf12629c5750b2892bd896c3e7d9

SHA256
99161210bdc887a8396bf095308730885fffd007b8fe02d8874d5814dc22ab59

SHA512
3da6980a39c368ab7f7527fcd5fcdaa9d321060174baae163bf73f8052a2ac1a73f476c3882855965dfc2cb13c7c3ec1a012882201389dac887f9be59540c80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\attrs-23.2.0.dist-info\licenses\LICENSE
Filesize
1KB

MD5
5e55731824cf9205cfabeab9a0600887

SHA1
243e9dd038d3d68c67d42c0c4ba80622c2a56246

SHA256
882115c95dfc2af1eeb6714f8ec6d5cbcabf667caff8729f42420da63f714e9f

SHA512
21b242bf6dcbafa16336d77a40e69685d7e64a43cc30e13e484c72a93cd4496a7276e18137dc601b6a8c3c193cb775db89853ecc6d6eb2956deee36826d5ebfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography-42.0.2.dist-info\LICENSE
Filesize
197B

MD5
8c3617db4fb6fae01f1d253ab91511e4

SHA1
e442040c26cd76d1b946822caf29011a51f75d6d

SHA256
3e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb

SHA512
77a1919e380730bcce5b55d76fbffba2f95874254fad955bd2fe1de7fc0e4e25b5fdaab0feffd6f230fa5dc895f593cf8bfedf8fdc113efbd8e22fadab0b8998

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography-42.0.2.dist-info\LICENSE.APACHE
Filesize
11KB

MD5
4e168cce331e5c827d4c2b68a6200e1b

SHA1
de33ead2bee64352544ce0aa9e410c0c44fdf7d9

SHA256
aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe

SHA512
f451048e81a49fbfa11b49de16ff46c52a8e3042d1bcc3a50aaf7712b097bed9ae9aed9149c21476c2a1e12f1583d4810a6d36569e993fe1ad3879942e5b0d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography-42.0.2.dist-info\LICENSE.BSD
Filesize
1KB

MD5
5ae30ba4123bc4f2fa49aa0b0dce887b

SHA1
ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8

SHA256
602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb

SHA512
ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography-42.0.2.dist-info\METADATA
Filesize
5KB

MD5
60c5dd5852f536c75e87ab6d99eb29b4

SHA1
91d7eb8c80664a366c0c0a5f15a0a705412628db

SHA256
c40189be2a0065099c78011e9a8194d493e55aa00f377a0bcbf0246998356851

SHA512
7cd59c486c9453e28cd3efb6ea3d3a7433f983b579a35974624d2c908a73eb2f4970fe896e11a92bd84c9bdb9f553af6dad35b85bf1f5cf165ba77d71cd51c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography-42.0.2.dist-info\RECORD
Filesize
14KB

MD5
a89759b7ba1b42dbabaf401b5de26587

SHA1
5ac68a61cd08f9134b0db60c8f48a9879cac2bea

SHA256
09eebc350bc691475265cafa6d55d233a3b4954bd028916a54f9577509799350

SHA512
919616812553b3b37d7a8ce8be6a2a30dc34fdf86213f1ce05a36adbcc7ab88809bd6c9d5f17742d6d39b4093cf2d24e0801afdb79ee163366b0d7d17b02fae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography-42.0.2.dist-info\WHEEL
Filesize
100B

MD5
c48772ff6f9f408d7160fe9537e150e0

SHA1
79d4978b413f7051c3721164812885381de2fdf5

SHA256
67325f22d7654f051b7a1d92bd644f6ebaa00df5bf7638a48219f07d19aa1484

SHA512
a817107d9f70177ea9ca6a370a2a0cb795346c9025388808402797f33144c1baf7e3de6406ff9e3d8a3486bdfaa630b90b63935925a36302ab19e4c78179674f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography-42.0.2.dist-info\top_level.txt
Filesize
13B

MD5
e7274bd06ff93210298e7117d11ea631

SHA1
7132c9ec1fd99924d658cc672f3afe98afefab8a

SHA256
28d693f929f62b8bb135a11b7ba9987439f7a960cc969e32f8cb567c1ef79c97

SHA512
aa6021c4e60a6382630bebc1e16944f9b312359d645fc61219e9a3f19d876fd600e07dca6932dcd7a1e15bfdeac7dbdceb9fffcd5ca0e5377b82268ed19de225

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\cryptography\hazmat\bindings\_rust.pyd
Filesize
2.0MB

MD5
ee6736b4d99a613cdbf50416c7d12146

SHA1
adf884880497c13475f681b1366b5739463e434e

SHA256
4314c19d6c9042d26e8d31ef6b415ae1887cf551c0c1eddc0048852d70d160ee

SHA512
a4bf39451e23c70eae5c4892a1f69d8b52591a1fbd61cb727a4e000002474a0ffaf7a94a0839dfb48bef201f93d3615481405419a55321bd44b58de4ac4f0b11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46642\frozenlist\_frozenlist.cp310-win_amd64.pyd
Filesize
36KB

MD5
6106b4d1eec11d2a71def28d2a2afa46

SHA1
e10039eff42f88a2cd8dfe11d428c35f6178c6ce

SHA256
19b144f1bfeb38f5a88da4471d0e9eeefcee979e0d574ecf13a28d06bdf7f1da

SHA512
d08ba0cf57d533ce2df7027158329da66518fb1bf10220d836ce39bdf8bc0436dfc3a649cf937b3b3e2bb9ff0d3c9e964416e9ac965cff4b24bd203067f53d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI53602\attrs-23.2.0.dist-info\INSTALLER
Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
memory/208-533-0x00007FFEBCB40000-0x00007FFEBCB6E000-memory.dmp

Filesize
184KB

Download
memory/208-529-0x00007FFEA9EE0000-0x00007FFEA9F96000-memory.dmp

Filesize
728KB

Download
memory/208-583-0x00007FFEBCB10000-0x00007FFEBCB20000-memory.dmp

Filesize
64KB

Download
memory/208-584-0x00007FFEB7860000-0x00007FFEB7874000-memory.dmp

Filesize
80KB

Download
memory/208-585-0x00007FFEB7840000-0x00007FFEB7855000-memory.dmp

Filesize
84KB

Download
memory/208-587-0x00007FFEBC580000-0x00007FFEBC594000-memory.dmp

Filesize
80KB

Download
memory/208-600-0x00007FFEA9830000-0x00007FFEA9948000-memory.dmp

Filesize
1.1MB

Download
memory/208-528-0x00007FFEA9FA0000-0x00007FFEAA314000-memory.dmp

Filesize
3.5MB

Download
memory/208-604-0x00007FFEAC450000-0x00007FFEAC472000-memory.dmp

Filesize
136KB

Download
memory/208-598-0x00007FFEAB7F0000-0x00007FFEABC55000-memory.dmp

Filesize
4.4MB

Download
memory/208-513-0x00007FFEBCD70000-0x00007FFEBCD89000-memory.dmp

Filesize
100KB

Download
memory/208-490-0x00007FFEAA320000-0x00007FFEAA48D000-memory.dmp

Filesize
1.4MB

Download
memory/208-484-0x00007FFEBCB90000-0x00007FFEBCBBC000-memory.dmp

Filesize
176KB

Download
memory/208-485-0x00007FFEBCD50000-0x00007FFEBCD6E000-memory.dmp

Filesize
120KB

Download
memory/208-483-0x00007FFEBD400000-0x00007FFEBD40D000-memory.dmp

Filesize
52KB

Download
memory/208-461-0x00007FFEBD430000-0x00007FFEBD43F000-memory.dmp

Filesize
60KB

Download
memory/208-482-0x00007FFEBCD90000-0x00007FFEBCDA9000-memory.dmp

Filesize
100KB

Download
memory/208-380-0x00007FFEAB7F0000-0x00007FFEABC55000-memory.dmp

Filesize
4.4MB

Download
memory/208-460-0x00007FFEBCDE0000-0x00007FFEBCE04000-memory.dmp

Filesize
144KB

Download
memory/1168-9-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/2880-137-0x000001C94F4B0000-0x000001C94F824000-memory.dmp

Filesize
3.5MB

Download
memory/2880-125-0x00007FFEBD0C0000-0x00007FFEBD0DE000-memory.dmp

Filesize
120KB

Download
memory/2880-175-0x00007FFEBC9F0000-0x00007FFEBCA0E000-memory.dmp

Filesize
120KB

Download
memory/2880-163-0x00007FFEBD090000-0x00007FFEBD0BE000-memory.dmp

Filesize
184KB

Download
memory/2880-176-0x00007FFEAA580000-0x00007FFEAAC72000-memory.dmp

Filesize
6.9MB

Download
memory/2880-162-0x00007FFEBCA50000-0x00007FFEBCA69000-memory.dmp

Filesize
100KB

Download
memory/2880-161-0x00007FFEBCB10000-0x00007FFEBCB27000-memory.dmp

Filesize
92KB

Download
memory/2880-160-0x00007FFEAC480000-0x00007FFEAC5ED000-memory.dmp

Filesize
1.4MB

Download
memory/2880-174-0x00007FFEBCBA0000-0x00007FFEBCBB4000-memory.dmp

Filesize
80KB

Download
memory/2880-177-0x00007FFEB84D0000-0x00007FFEB8508000-memory.dmp

Filesize
224KB

Download
memory/2880-186-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp

Filesize
4.4MB

Download
memory/2880-211-0x00007FFEB84D0000-0x00007FFEB8508000-memory.dmp

Filesize
224KB

Download
memory/2880-197-0x00007FFEAB8E0000-0x00007FFEABC54000-memory.dmp

Filesize
3.5MB

Download
memory/2880-210-0x00007FFEAA580000-0x00007FFEAAC72000-memory.dmp

Filesize
6.9MB

Download
memory/2880-209-0x00007FFEBC9F0000-0x00007FFEBCA0E000-memory.dmp

Filesize
120KB

Download
memory/2880-208-0x00007FFEBD400000-0x00007FFEBD40A000-memory.dmp

Filesize
40KB

Download
memory/2880-207-0x00007FFEBCA10000-0x00007FFEBCA21000-memory.dmp

Filesize
68KB

Download
memory/2880-206-0x00007FFEB7830000-0x00007FFEB7879000-memory.dmp

Filesize
292KB

Download
memory/2880-205-0x00007FFEBCA50000-0x00007FFEBCA69000-memory.dmp

Filesize
100KB

Download
memory/2880-204-0x00007FFEBCB10000-0x00007FFEBCB27000-memory.dmp

Filesize
92KB

Download
memory/2880-203-0x00007FFEBCB30000-0x00007FFEBCB52000-memory.dmp

Filesize
136KB

Download
memory/2880-202-0x00007FFEAB7C0000-0x00007FFEAB8D8000-memory.dmp

Filesize
1.1MB

Download
memory/2880-201-0x00007FFEBCB60000-0x00007FFEBCB75000-memory.dmp

Filesize
84KB

Download
memory/2880-200-0x00007FFEBCB80000-0x00007FFEBCB94000-memory.dmp

Filesize
80KB

Download
memory/2880-199-0x00007FFEBD430000-0x00007FFEBD440000-memory.dmp

Filesize
64KB

Download
memory/2880-198-0x00007FFEBCBA0000-0x00007FFEBCBB4000-memory.dmp

Filesize
80KB

Download
memory/2880-196-0x00007FFEBCD50000-0x00007FFEBCE06000-memory.dmp

Filesize
728KB

Download
memory/2880-194-0x00007FFEAC480000-0x00007FFEAC5ED000-memory.dmp

Filesize
1.4MB

Download
memory/2880-193-0x00007FFEBD0C0000-0x00007FFEBD0DE000-memory.dmp

Filesize
120KB

Download
memory/2880-192-0x00007FFEBD0E0000-0x00007FFEBD10C000-memory.dmp

Filesize
176KB

Download
memory/2880-191-0x00007FFEBD110000-0x00007FFEBD129000-memory.dmp

Filesize
100KB

Download
memory/2880-190-0x00007FFEBD460000-0x00007FFEBD46D000-memory.dmp

Filesize
52KB

Download
memory/2880-189-0x00007FFEBD160000-0x00007FFEBD179000-memory.dmp

Filesize
100KB

Download
memory/2880-188-0x00007FFEC48E0000-0x00007FFEC48EF000-memory.dmp

Filesize
60KB

Download
memory/2880-187-0x00007FFEC48F0000-0x00007FFEC4914000-memory.dmp

Filesize
144KB

Download
memory/2880-195-0x00007FFEBD090000-0x00007FFEBD0BE000-memory.dmp

Filesize
184KB

Download
memory/2880-172-0x00007FFEBCA10000-0x00007FFEBCA21000-memory.dmp

Filesize
68KB

Download
memory/2880-86-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp

Filesize
4.4MB

Download
memory/2880-173-0x00007FFEBD400000-0x00007FFEBD40A000-memory.dmp

Filesize
40KB

Download
memory/2880-93-0x00007FFEC48F0000-0x00007FFEC4914000-memory.dmp

Filesize
144KB

Download
memory/2880-115-0x00007FFEC48E0000-0x00007FFEC48EF000-memory.dmp

Filesize
60KB

Download
memory/2880-117-0x00007FFEBD160000-0x00007FFEBD179000-memory.dmp

Filesize
100KB

Download
memory/2880-119-0x00007FFEBD460000-0x00007FFEBD46D000-memory.dmp

Filesize
52KB

Download
memory/2880-121-0x00007FFEBD110000-0x00007FFEBD129000-memory.dmp

Filesize
100KB

Download
memory/2880-123-0x00007FFEBD0E0000-0x00007FFEBD10C000-memory.dmp

Filesize
176KB

Download
memory/2880-166-0x00007FFEBCD50000-0x00007FFEBCE06000-memory.dmp

Filesize
728KB

Download
memory/2880-169-0x000001C94F4B0000-0x000001C94F824000-memory.dmp

Filesize
3.5MB

Download
memory/2880-171-0x00007FFEAB8E0000-0x00007FFEABC54000-memory.dmp

Filesize
3.5MB

Download
memory/2880-127-0x00007FFEAC480000-0x00007FFEAC5ED000-memory.dmp

Filesize
1.4MB

Download
memory/2880-167-0x00007FFEB7830000-0x00007FFEB7879000-memory.dmp

Filesize
292KB

Download
memory/2880-150-0x00007FFEBD0E0000-0x00007FFEBD10C000-memory.dmp

Filesize
176KB

Download
memory/2880-151-0x00007FFEAB7C0000-0x00007FFEAB8D8000-memory.dmp

Filesize
1.1MB

Download
memory/2880-129-0x00007FFEBD090000-0x00007FFEBD0BE000-memory.dmp

Filesize
184KB

Download
memory/2880-134-0x00007FFEBCD50000-0x00007FFEBCE06000-memory.dmp

Filesize
728KB

Download
memory/2880-154-0x00007FFEBD0C0000-0x00007FFEBD0DE000-memory.dmp

Filesize
120KB

Download
memory/2880-132-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp

Filesize
4.4MB

Download
memory/2880-136-0x00007FFEC48F0000-0x00007FFEC4914000-memory.dmp

Filesize
144KB

Download
memory/2880-135-0x00007FFEAB8E0000-0x00007FFEABC54000-memory.dmp

Filesize
3.5MB

Download
memory/2880-139-0x00007FFEBCBA0000-0x00007FFEBCBB4000-memory.dmp

Filesize
80KB

Download
memory/2880-143-0x00007FFEBD430000-0x00007FFEBD440000-memory.dmp

Filesize
64KB

Download
memory/2880-142-0x00007FFEBD160000-0x00007FFEBD179000-memory.dmp

Filesize
100KB

Download
memory/2880-146-0x00007FFEBCB80000-0x00007FFEBCB94000-memory.dmp

Filesize
80KB

Download
memory/2880-148-0x00007FFEBCB60000-0x00007FFEBCB75000-memory.dmp

Filesize
84KB

Download
memory/2880-147-0x00007FFEBD110000-0x00007FFEBD129000-memory.dmp

Filesize
100KB

Download
memory/2880-155-0x00007FFEBCB30000-0x00007FFEBCB52000-memory.dmp

Filesize
136KB

Download
memory/4008-708-0x00007FFEAC430000-0x00007FFEAC441000-memory.dmp

Filesize
68KB

Download
memory/4008-480-0x00007FFEAA900000-0x00007FFEAAC74000-memory.dmp

Filesize
3.5MB

Download
memory/4008-688-0x00007FFEC48F0000-0x00007FFEC4914000-memory.dmp

Filesize
144KB

Download
memory/4008-599-0x00007FFEC48F0000-0x00007FFEC4914000-memory.dmp

Filesize
144KB

Download
memory/4008-696-0x00007FFEBCDB0000-0x00007FFEBCDDE000-memory.dmp

Filesize
184KB

Download
memory/4008-697-0x00007FFEAA900000-0x00007FFEAAC74000-memory.dmp

Filesize
3.5MB

Download
memory/4008-412-0x00007FFEBD0F0000-0x00007FFEBD109000-memory.dmp

Filesize
100KB

Download
memory/4008-687-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp

Filesize
4.4MB

Download
memory/4008-614-0x00007FFEBCAC0000-0x00007FFEBCAD7000-memory.dmp

Filesize
92KB

Download
memory/4008-611-0x00007FFEBD0A0000-0x00007FFEBD0BE000-memory.dmp

Filesize
120KB

Download
memory/4008-582-0x00007FFEB84E0000-0x00007FFEB8502000-memory.dmp

Filesize
136KB

Download
memory/4008-695-0x00007FFEAC480000-0x00007FFEAC5ED000-memory.dmp

Filesize
1.4MB

Download
memory/4008-580-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp

Filesize
4.4MB

Download
memory/4008-698-0x00007FFEB3570000-0x00007FFEB3626000-memory.dmp

Filesize
728KB

Download
memory/4008-699-0x00007FFEBCB20000-0x00007FFEBCB34000-memory.dmp

Filesize
80KB

Download
memory/4008-532-0x00007FFEBC9F0000-0x00007FFEBCA05000-memory.dmp

Filesize
84KB

Download
memory/4008-531-0x00007FFEBCA50000-0x00007FFEBCA64000-memory.dmp

Filesize
80KB

Download
memory/4008-530-0x00007FFEBD090000-0x00007FFEBD0A0000-memory.dmp

Filesize
64KB

Download
memory/4008-608-0x00007FFEBD110000-0x00007FFEBD129000-memory.dmp

Filesize
100KB

Download
memory/4008-700-0x00007FFEBD090000-0x00007FFEBD0A0000-memory.dmp

Filesize
64KB

Download
memory/4008-701-0x00007FFEBCA50000-0x00007FFEBCA64000-memory.dmp

Filesize
80KB

Download
memory/4008-702-0x00007FFEBC9F0000-0x00007FFEBCA05000-memory.dmp

Filesize
84KB

Download
memory/4008-567-0x00007FFEA9950000-0x00007FFEA9A68000-memory.dmp

Filesize
1.1MB

Download
memory/4008-515-0x00007FFEBCB20000-0x00007FFEBCB34000-memory.dmp

Filesize
80KB

Download
memory/4008-481-0x00007FFEB3570000-0x00007FFEB3626000-memory.dmp

Filesize
728KB

Download
memory/4008-414-0x00007FFEBD0A0000-0x00007FFEBD0BE000-memory.dmp

Filesize
120KB

Download
memory/4008-398-0x00007FFEBD460000-0x00007FFEBD46D000-memory.dmp

Filesize
52KB

Download
memory/4008-397-0x00007FFEBD110000-0x00007FFEBD129000-memory.dmp

Filesize
100KB

Download
memory/4008-479-0x00007FFEBCDB0000-0x00007FFEBCDDE000-memory.dmp

Filesize
184KB

Download
memory/4008-703-0x00007FFEA9950000-0x00007FFEA9A68000-memory.dmp

Filesize
1.1MB

Download
memory/4008-704-0x00007FFEB84E0000-0x00007FFEB8502000-memory.dmp

Filesize
136KB

Download
memory/4008-413-0x00007FFEBD0C0000-0x00007FFEBD0EC000-memory.dmp

Filesize
176KB

Download
memory/4008-392-0x00007FFEC48E0000-0x00007FFEC48EF000-memory.dmp

Filesize
60KB

Download
memory/4008-342-0x00007FFEABC60000-0x00007FFEAC0C5000-memory.dmp

Filesize
4.4MB

Download
memory/4008-705-0x00007FFEBCAC0000-0x00007FFEBCAD7000-memory.dmp

Filesize
92KB

Download
memory/4008-706-0x00007FFEACAA0000-0x00007FFEACAB9000-memory.dmp

Filesize
100KB

Download
memory/4008-707-0x00007FFEAB7A0000-0x00007FFEAB7E9000-memory.dmp

Filesize
292KB

Download
memory/4008-437-0x00007FFEAC480000-0x00007FFEAC5ED000-memory.dmp

Filesize
1.4MB

Download
memory/4008-709-0x00007FFEBC920000-0x00007FFEBC92A000-memory.dmp

Filesize
40KB

Download
memory/4008-711-0x00007FFEA41E0000-0x00007FFEA48D2000-memory.dmp

Filesize
6.9MB

Download
memory/4008-712-0x00007FFEA70A0000-0x00007FFEA70D8000-memory.dmp

Filesize
224KB

Download
memory/4512-12-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4512-13-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4512-14-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4512-10-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/5416-536-0x00007FFEA9A70000-0x00007FFEA9ED5000-memory.dmp

Filesize
4.4MB

Download
memory/5416-612-0x00007FFEBD1C0000-0x00007FFEBD1D9000-memory.dmp

Filesize
100KB

Download
memory/5416-606-0x00007FFEC2CA0000-0x00007FFEC2CAF000-memory.dmp

Filesize
60KB

Download
memory/5416-613-0x00007FFEC17A0000-0x00007FFEC17AD000-memory.dmp

Filesize
52KB

Download
memory/5416-605-0x00007FFEACAC0000-0x00007FFEACAE4000-memory.dmp

Filesize
144KB

Download
memory/5992-734-0x00007FFEAA490000-0x00007FFEAA8F5000-memory.dmp

Filesize
4.4MB

Download
memory/5992-607-0x00007FFEB3530000-0x00007FFEB3549000-memory.dmp

Filesize
100KB

Download
memory/5992-610-0x00007FFEBD240000-0x00007FFEBD25E000-memory.dmp

Filesize
120KB

Download
memory/5992-581-0x00007FFEBCC80000-0x00007FFEBCC8F000-memory.dmp

Filesize
60KB

Download
memory/5992-586-0x00007FFEBC8B0000-0x00007FFEBC8D4000-memory.dmp

Filesize
144KB

Download
memory/5992-601-0x00007FFEBC940000-0x00007FFEBC94D000-memory.dmp

Filesize
52KB

Download
memory/5992-588-0x00007FFEB3550000-0x00007FFEB3569000-memory.dmp

Filesize
100KB

Download
memory/5992-609-0x00007FFEBCAE0000-0x00007FFEBCB0C000-memory.dmp

Filesize
176KB

Download
memory/5992-489-0x00007FFEAA490000-0x00007FFEAA8F5000-memory.dmp

Filesize
4.4MB

Download