hxxps://cdn[.]discordapp[.]com/attachments/1208562650766647378/1236822340722229269/maceta[.]exe?ex=66ad6c11&is=66ac1a91&hm=b67124ccf7d627d8c43df9d1345c5f3f67d18792e1f2f660b6b8fa361742629a&

Analysis

max time kernel
33s
max time network
19s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02-08-2024 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1208562650766647378/1236822340722229269/maceta.exe?ex=66ad6c11&is=66ac1a91&hm=b67124ccf7d627d8c43df9d1345c5f3f67d18792e1f2f660b6b8fa361742629a&

Score

8^/10

defense_evasion discovery pyinstaller upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4764	maceta.exe
2744	maceta.exe

Loads dropped DLL 23 IoCs

pid	Process
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe
2744	maceta.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002ab2c-161.dat	upx
behavioral1/memory/2744-165-0x00007FFCA00E0000-0x00007FFCA0525000-memory.dmp	upx
behavioral1/files/0x000100000002aaed-167.dat	upx
behavioral1/files/0x000100000002ab25-171.dat	upx
behavioral1/files/0x000100000002aaeb-173.dat	upx
behavioral1/files/0x000100000002aaf0-179.dat	upx
behavioral1/memory/2744-178-0x00007FFCB2170000-0x00007FFCB218C000-memory.dmp	upx
behavioral1/files/0x000100000002ab2f-186.dat	upx
behavioral1/files/0x000100000002ab2e-188.dat	upx
behavioral1/memory/2744-191-0x00007FFCA0010000-0x00007FFCA00D8000-memory.dmp	upx
behavioral1/memory/2744-190-0x00007FFCAD850000-0x00007FFCAD880000-memory.dmp	upx
behavioral1/memory/2744-189-0x00007FFCB15D0000-0x00007FFCB15FC000-memory.dmp	upx
behavioral1/files/0x000100000002ab33-184.dat	upx
behavioral1/memory/2744-180-0x00007FFCB20B0000-0x00007FFCB20DE000-memory.dmp	upx
behavioral1/memory/2744-177-0x00007FFCB3250000-0x00007FFCB325F000-memory.dmp	upx
behavioral1/memory/2744-176-0x00007FFCB2F00000-0x00007FFCB2F27000-memory.dmp	upx
behavioral1/files/0x000100000002aaf2-195.dat	upx
behavioral1/files/0x000100000002aaf3-198.dat	upx
behavioral1/files/0x000100000002ab26-203.dat	upx
behavioral1/files/0x000100000002ab24-206.dat	upx
behavioral1/memory/2744-208-0x00007FFC9FF50000-0x00007FFCA0006000-memory.dmp	upx
behavioral1/memory/2744-209-0x00007FFC9FBE0000-0x00007FFC9FF4F000-memory.dmp	upx
behavioral1/files/0x000100000002aaef-212.dat	upx
behavioral1/files/0x000100000002aaf1-214.dat	upx
behavioral1/files/0x000100000002ab1e-218.dat	upx
behavioral1/files/0x000100000002ab32-220.dat	upx
behavioral1/memory/2744-225-0x00007FFC9FAC0000-0x00007FFC9FBD2000-memory.dmp	upx
behavioral1/files/0x000100000002ab29-227.dat	upx
behavioral1/memory/2744-224-0x00007FFCA1B50000-0x00007FFCA1B74000-memory.dmp	upx
behavioral1/memory/2744-223-0x00007FFCB1F30000-0x00007FFCB1F3B000-memory.dmp	upx
behavioral1/memory/2744-222-0x00007FFCB2160000-0x00007FFCB216D000-memory.dmp	upx
behavioral1/memory/2744-221-0x00007FFCA7560000-0x00007FFCA7571000-memory.dmp	upx
behavioral1/memory/2744-228-0x00007FFCA1B30000-0x00007FFCA1B4C000-memory.dmp	upx
behavioral1/files/0x000100000002ab1d-216.dat	upx
behavioral1/memory/2744-207-0x00007FFCA76F0000-0x00007FFCA771D000-memory.dmp	upx
behavioral1/memory/2744-200-0x00007FFCB2ED0000-0x00007FFCB2EDD000-memory.dmp	upx
behavioral1/memory/2744-199-0x00007FFCAD830000-0x00007FFCAD84A000-memory.dmp	upx
behavioral1/files/0x000100000002ab30-197.dat	upx
behavioral1/memory/2744-233-0x00007FFCA00E0000-0x00007FFCA0525000-memory.dmp	upx
behavioral1/memory/2744-256-0x00007FFCB2F00000-0x00007FFCB2F27000-memory.dmp	upx
behavioral1/memory/2744-273-0x00007FFCA1B50000-0x00007FFCA1B74000-memory.dmp	upx
behavioral1/memory/2744-269-0x00007FFC9FBE0000-0x00007FFC9FF4F000-memory.dmp	upx
behavioral1/memory/2744-257-0x00007FFCA00E0000-0x00007FFCA0525000-memory.dmp	upx
behavioral1/memory/2744-267-0x00007FFCA76F0000-0x00007FFCA771D000-memory.dmp	upx
behavioral1/memory/2744-265-0x00007FFCAD830000-0x00007FFCAD84A000-memory.dmp	upx
behavioral1/memory/2744-264-0x00007FFCA0010000-0x00007FFCA00D8000-memory.dmp	upx
behavioral1/memory/2744-263-0x00007FFCAD850000-0x00007FFCAD880000-memory.dmp	upx
behavioral1/memory/2744-268-0x00007FFC9FF50000-0x00007FFCA0006000-memory.dmp	upx
behavioral1/memory/2744-274-0x00007FFC9FAC0000-0x00007FFC9FBD2000-memory.dmp	upx
behavioral1/memory/2744-293-0x00007FFCB1F30000-0x00007FFCB1F3B000-memory.dmp	upx
behavioral1/memory/2744-296-0x00007FFCA1B30000-0x00007FFCA1B4C000-memory.dmp	upx
behavioral1/memory/2744-295-0x00007FFC9FAC0000-0x00007FFC9FBD2000-memory.dmp	upx
behavioral1/memory/2744-294-0x00007FFCA1B50000-0x00007FFCA1B74000-memory.dmp	upx
behavioral1/memory/2744-292-0x00007FFCB2160000-0x00007FFCB216D000-memory.dmp	upx
behavioral1/memory/2744-291-0x00007FFCA7560000-0x00007FFCA7571000-memory.dmp	upx
behavioral1/memory/2744-290-0x00007FFC9FBE0000-0x00007FFC9FF4F000-memory.dmp	upx
behavioral1/memory/2744-289-0x00007FFC9FF50000-0x00007FFCA0006000-memory.dmp	upx
behavioral1/memory/2744-288-0x00007FFCA76F0000-0x00007FFCA771D000-memory.dmp	upx
behavioral1/memory/2744-287-0x00007FFCB2ED0000-0x00007FFCB2EDD000-memory.dmp	upx
behavioral1/memory/2744-286-0x00007FFCAD830000-0x00007FFCAD84A000-memory.dmp	upx
behavioral1/memory/2744-285-0x00007FFCA0010000-0x00007FFCA00D8000-memory.dmp	upx
behavioral1/memory/2744-284-0x00007FFCAD850000-0x00007FFCAD880000-memory.dmp	upx
behavioral1/memory/2744-283-0x00007FFCB15D0000-0x00007FFCB15FC000-memory.dmp	upx
behavioral1/memory/2744-282-0x00007FFCB20B0000-0x00007FFCB20DE000-memory.dmp	upx

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\maceta.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000300000002aa85-46.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 511371.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\maceta.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
4972	msedge.exe
4972	msedge.exe
1120	msedge.exe
1120	msedge.exe
1624	identity_helper.exe
1624	identity_helper.exe
4092	msedge.exe
4092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2744	maceta.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 3200	4972	msedge.exe	78
PID 4972 wrote to memory of 3200	4972	msedge.exe	78
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 2556	4972	msedge.exe	79
PID 4972 wrote to memory of 3160	4972	msedge.exe	80
PID 4972 wrote to memory of 3160	4972	msedge.exe	80
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81
PID 4972 wrote to memory of 2408	4972	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1208562650766647378/1236822340722229269/maceta.exe?ex=66ad6c11&is=66ac1a91&hm=b67124ccf7d627d8c43df9d1345c5f3f67d18792e1f2f660b6b8fa361742629a&
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb2733cb8,0x7ffcb2733cc8,0x7ffcb2733cd8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Users\Admin\Downloads\maceta.exe
  "C:\Users\Admin\Downloads\maceta.exe"
  2⤵
  - Executes dropped EXE
  PID:4764
- - C:\Users\Admin\Downloads\maceta.exe
    "C:\Users\Admin\Downloads\maceta.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2744
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c mode con: cols=120 lines=14
      4⤵
      PID:4068
    - - C:\Windows\system32\mode.com
        
        mode con: cols=120 lines=14
        5⤵
        
        PID:2772
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls && mode con: cols=80 lines=38
      4⤵
      PID:3848
    - - C:\Windows\system32\mode.com
        
        mode con: cols=80 lines=38
        5⤵
        
        PID:4984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c
      4⤵
      PID:3896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15871327523130464672,5893339278997640879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e15960b37c05dc7b54098cd898fe5a4d

SHA1
2c7923730ff68a25d23f8e56c3e5b8e62d2a1de2

SHA256
a3dd370b2b481e239fa13c330f274b7d279573b77ffb813ba68a4961b36d6cb6

SHA512
7e0016a20ed5935f0b0ec2722617661b2486cfde8a9f0901c5f01b23a1545f8637149e5086281f02d834a6be112cbc8eae4af86639f7c1e1c9e2bc34cdb6f979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cccdb04720e1632b3ababce0c0954ddc

SHA1
627fb15e39972f5339ba623ccf2aacf616adcc12

SHA256
4aaa61366719d6428b64217960e4c31bb925799dd75288307cd306a4ec833a0e

SHA512
4af29420d1bddd88a5fcfca9ef860d2cd1f97b9bf295c16b522a33d2580f264b35b3a373a1627a1f3be80044162c8580f54efae2e55befce3de8915c916b5bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7a596d019f0f235ec50928ad8b5651f

SHA1
db8abae5d15c9890b393f70f7df7655c35ce25ae

SHA256
7707987299bcb69cee4fc4bf695d5ca6427ecc4527e9afc187297908219f1730

SHA512
9624404e68e1b7c80555b3526328f1af546ebd3b7c41e135fe5f5d43af00ee23e3c93052604f7b50e8ad27a3670b9a27c28afbed685531ba2b78ff2aa1f36f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e29d58aa1d6884f6b5657684eb40a90d

SHA1
95941592dcc47fb4de7d129df1a7a7c583a276e2

SHA256
ad1ef3cc368483c3570041c1bfcafe38d9ef6b2304b9b0b243a435b32b9c9dc5

SHA512
d8e7a0f76bd576c2793f7b35d4394d54c4d7ac4e17be1fceb96687d2fedd925de3b7e9e504cafa0e72fdba11111ace68986a6a6e5a240470532828798a444cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b016c8a940a11085e8257dd167962f4

SHA1
e8fb58fd45dd3fdfc39078c83148f62ad6e2400b

SHA256
e1ab22c2ad6c9c320ad5c550a1643ea00474f80b2c5924419b0702c8f5084f60

SHA512
99d7afeac2084d379ee0e664d94f3a78fda49e6b1ff13bfbafacffc4d365fa4f1f7f246b983cb6197c5e7a641cf04d7183a9fe47e68d79dd3b114aee55f94ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28d541b53888e65ce1ffc1b72695fa53

SHA1
af26b8c70c9ccb4d9f608122d7142084b23f0398

SHA256
39a1e8c2898cd1c7d4179f587834c1d72cad63825dbb61c676bbde59e4a29853

SHA512
d2fa415f996a62d97cfad5203ecc8bbf98510a1d1ce11f92e1accbe4238634656b2903af6a6d4a5f76a3dae22b339afc9745d3a51378ffea14d35a1ebdcc90eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_bz2.pyd

Filesize
46KB

MD5
c6ed3924e8a9015742eebe871d1e285f

SHA1
8324b2152e83756765a97b681f263e9a1680e998

SHA256
fc21044506016e63094a6c20f30558753d62fbb1c6f50114ee42a3aeccf758b9

SHA512
6239e9de3905c9dde6efe4c8b9031cac4d6d51defef234bc1e76dc39be13117921571ccb69f1c2377d040fb95cf50bc2515729a05f3ff610f6369c3ca31f6467

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_ctypes.pyd

Filesize
56KB

MD5
c52c52020172cacba360e571e0507de7

SHA1
c4db2428bcb88d4edbe0f3d0be186615340ce770

SHA256
082afe7ab9a1f935eda85b8e11235a2a9a1599af574b940f94ce733be4922d44

SHA512
ba35dc382047accbbfdce9e7dcbca7f462e40d7b72cd715ae43983298f41d1afee6bef6854d7bc28b24972521b4a7c59451111f1d58a278d3ff28b4919fc023f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_hashlib.pyd

Filesize
27KB

MD5
c44a3d36846838c44f3e80812e026881

SHA1
8d6ad3d3ca3d152bdf7fca33b63c850072d93443

SHA256
bca44dfc6d6d13783371750134abcf5ce53a5aefc823204ed11db26911a4194d

SHA512
51e60d741f66b66e3fb4b4cf343f1b9079241b1f3d2c686134e7b0781456c0ca02b25067ab6ac1c32661473aceb6c07f18064c82aa13c1e5c43405ea9bd548bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_lzma.pyd

Filesize
84KB

MD5
f85562090941381f6e9831c9a4d8790d

SHA1
dcc6f203cf8ecc8d5e3596418eea61cc9ff109d7

SHA256
8ada33933de0183160f7747fde15032b3dbe457f861fed8e134b6cd3123563b9

SHA512
d8f7604e093ac89ad2ea09af16148eba53cc389fcbf339e04101f916711197f51982376d325299246090759883031803060d93942e8377d52d6d4de195f527c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_queue.pyd

Filesize
22KB

MD5
56eb6e5be30233b2ef82676459283bc8

SHA1
aaa827da4dcf95d62b9661ae854f0f4466d79a3d

SHA256
fb03ad490e6b1576961ff7644115622d1a6751e0196e31d857d8d4406d0bea8f

SHA512
bc2a533ad199a720e9adcc8bd1e42d09c82d61981dc0b0ccd8db923aa1496c11a468e53af02f81f1a7e5bd03818bbfb96e315aa11159f47257b0e7015c60ee2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_socket.pyd

Filesize
40KB

MD5
3e103e62a5bddbce282ccb6e54261da8

SHA1
60c7d1663861268b236a54731382302c8ef75550

SHA256
d0deabcbb4c7dabced6ec7ba19e54faeaf3b981db6e657a2f0b676c747e65ff3

SHA512
1a8d375668e8b2be510ffff8c7b8068c615631fb4e44ac7aadc924e53070d58809646fb44d0d91f22ac65b253491c57d71f9197fd056bedda8cb59844bc64605

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\_ssl.pyd

Filesize
57KB

MD5
aa49f5057d46234b4d6f2469dcfd3025

SHA1
360bd68bd5531a1238e0524a7244715da9884146

SHA256
7c7bd44b24f6ff32bd28538e4c8e7f7d4ff205ffc4b5d950a04c752db0fde391

SHA512
e24f9f22a6007cc10469aeec5591056472b1d9e0dcf03576cba9e761c0f132991eb0fa5cc69aceead57edb6301fdaddb409c30ca88337e712e9bd865d38640c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\base_library.zip

Filesize
1008KB

MD5
355215f65cc927d9dcd7158f139f4c6f

SHA1
4e610a540e82fcbac7c53f14f33bada3adb6038e

SHA256
557cfd5c8f45dca35af7b08e7aeba3d059a95797044fd4317d70eeddcca566b6

SHA512
7c4086c03616f5efc434a33163635981a57256e45c519d3e0509b301ac64d8feb539a91261af8f537693514e219ffdc6b3e19ccd38c8ed47fc96af81000c881e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\certifi\cacert.pem

Filesize
268KB

MD5
59a15f9a93dcdaa5bfca246b84fa936a

SHA1
7f295ea74fc7ed0af0e92be08071fb0b76c8509e

SHA256
2c11c3ce08ffc40d390319c72bc10d4f908e9c634494d65ed2cbc550731fd524

SHA512
746157a0fcedc67120c2a194a759fa8d8e1f84837e740f379566f260e41aa96b8d4ea18e967e3d1aa1d65d5de30453446d8a8c37c636c08c6a3741387483a7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\charset_normalizer\md.cp38-win_amd64.pyd

Filesize
9KB

MD5
8926e54499a1a123b6cf5630b23cdbd0

SHA1
b11e22e4bba9bdf814b1e7f023032083089828ad

SHA256
af4707d7041d0e8d80f15a652af79897a8aa41a0d1068c7d725243e04bb49209

SHA512
e18739843296a614f39c04658149ce61f176f30973d45d6f769f39410dcfd609114850dc6103d606c9a57617d14a03448c8275cad0b4d5bb836a76d8db2d37a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\charset_normalizer\md__mypyc.cp38-win_amd64.pyd

Filesize
38KB

MD5
b2f34633787d4192f8c25fd1ba5fcc63

SHA1
4eff0fc3776585331c6d3acdefb30ebfe0bef19c

SHA256
acc4ea9d8b2831b4c89db5e35d2b6762db62e63a285e0a3895928e3fc820890f

SHA512
eb24483ad6157a6d682b6ba6d2f8e6fb4a5b527e1798154d7935514221d22f3e0dedeb93c213e7155d4215d2aef40125e025cc2978161f1b3fc92c89be4200c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\libcrypto-1_1.dll

Filesize
1.1MB

MD5
bb0032a76ecd23af83e86c95638fe712

SHA1
3b284b94d95a923a72680b7b11636771d8379dd6

SHA256
5320582dde4442758d22477930cee156d623be3205d7659e955727c6754bf3f1

SHA512
4c89e95ce8844818f799cae8e66e748642f2adb16ed790e71ba0a511661e6a142fd7603fa12be56eb10ade8cc3a35ae2e1533f6b94b500bea5d346734d53391a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\libffi-7.dll

Filesize
23KB

MD5
ce7d4f152de90a24b0069e3c95fa2b58

SHA1
98e921d9dd396b86ae785d9f8d66f1dc612111c2

SHA256
85ac46f9d1fd15ab12f961e51ba281bff8c0141fa122bfa21a66e13dd4f943e7

SHA512
7b0a1bd9fb5666fe5388cabcef11e2e4038bbdb62bdca46f6e618555c90eb2e466cb5becd7773f1136ee929f10f74c35357b65b038f51967de5c2b62f7045b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\libssl-1_1.dll

Filesize
197KB

MD5
444e701aa6771896ede85b80e6bdca4c

SHA1
c7c009edacd3eea18515c0f1f64382af8fe18866

SHA256
e14d14b9e3c93ae3456fec463dda2328e2f74d667b7779951d2006578df85ff1

SHA512
408fc421286269236e096444b08b3a61660f9b6a09c4b92f3f204ca0e58bf165887ac7641f0510bf186d17e0e2dbc731a9be19400f3317ecc0515c1d980f737f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\psutil\_psutil_windows.pyd

Filesize
34KB

MD5
21131c2eecf1f8635682b7b8b07a485f

SHA1
fe245ad1bd5e56c81c40f555377c98a8d881d0eb

SHA256
4b3b5d15d13a96e3643a7be25cf6135d1a2fd13f41f6431239e0fa89b0d2ed7a

SHA512
1591cda50008fea7532f3ace4abdac0279a12b03426459d0a8454ed773fa92b032f79b633804757291eeaabb05ade90a2a9b7a5c2cc9e385c5ce1cf8ac099b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\python3.DLL

Filesize
58KB

MD5
c9f0b55fce50c904dff9276014cef6d8

SHA1
9f9ae27df619b695827a5af29414b592fc584e43

SHA256
074b06ae1d0a0b5c26f0ce097c91e2f24a5d38b279849115495fc40c6c10117e

SHA512
8dd188003d8419a25de7fbb37b29a4bc57a6fd93f2d79b5327ad2897d4ae626d7427f4e6ac84463c158bcb18b6c1e02e83ed49f347389252477bbeeb864ac799

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\python38.dll

Filesize
1.4MB

MD5
423fd4dc4942f49c1bc03461f114ac6e

SHA1
81999e61dc0f01a003f9113dc04f0109595fdf4c

SHA256
12ef4c8da25a7f4bfc9ccc9e33f14c3396990bdedf8829599ad403ae0c289d60

SHA512
7e2ac50eb690c83cbf5799c6226b57d7a6e13d53275ba33721e8b2cdddcea2534560bd6a5d9a35b453b8df06d091804918ff7c27fdddb9b8b6965776b99c38aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\pywin32_system32\pythoncom38.dll

Filesize
197KB

MD5
a285a184d3cbe3ac19faa4bdf8161400

SHA1
d28a8f5541b4cb477ab063f8768d76c49b54664c

SHA256
8d42809b563003b4ffbd005773038de743d1f5b75098a618bfe3efdc0370b8d4

SHA512
6e57b5293f853840e270021686783dbf2debe67b38984ff7b1fcbb99058e0cb6ec9e22892161c16fadcf2bd9931870ec585d2abfd0889960e8b810054e722d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\pywin32_system32\pywintypes38.dll

Filesize
62KB

MD5
1a312ecafee661bd365e1a6948ffbd2e

SHA1
534899c35cfccd160cedf7decd27af8a75ee1c5c

SHA256
68340637712412209234d7ede8d6332b8cc8a587be5e226a21ce66bd4b797b21

SHA512
56439536d3782262aafea01064a9143002f6af09d5152ed3072de4bb78c73e1d909ae01fffcc2c6a7b2fe6081aac7c58fb05efca7632ce8e8ef34c887423ba73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\select.pyd

Filesize
21KB

MD5
b87fde1bf34d28755fb41170e074c6db

SHA1
4f149bb2004fef8836aee1baf96fcd9b96512174

SHA256
05340cadb2ead7002eedd30cc85fdd5070f4cf87047d94b2a5d37aa81f77e466

SHA512
2996e578dc97f38e1394cde3aceed74387db7da2a42c49ac672a3bff265580332af27d228091cd5e7bb90f02684ff5f6a62b67e027c6151339e2af4c87d8eb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\ucrtbase.dll

Filesize
971KB

MD5
1eb17f650462eea820f4cd727d2d3ab1

SHA1
688f59160589ffa293502bffcd5c0e62e1993903

SHA256
24968e69daf49f58e812ada3e4cb24a66d6fb9ef14fc211538dd992b08ed1c3b

SHA512
4b2fd6f202d2c697d10e0a2751ec05128071c7a3f1296c9f41fdbf07b334d8eb48dad674d91150966e0ea925c8e2aeceff904bb3d055989de2e1f94dd7d4bf18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\unicodedata.pyd

Filesize
280KB

MD5
2b2e0414b71cbe7c249750c0e2868a6e

SHA1
f3be089e6cb822ad8eb4b51cbfade8024d1148e7

SHA256
8d83f377764a248265c7719a44e6e9bb5b156529d52b64d7f94c39b78dd3197a

SHA512
ed5b81c28d14978999d39e1c9ec4b07710b2980004887909e545cba7d5779369f2dd71f5a00d3aaafdbd4291cee588abd7532ce987b88a8b581dca6f98925c96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47642\win32api.pyd

Filesize
48KB

MD5
4439169237383e59a189aa73d1991860

SHA1
6d67704f4981babfa221ed530be42f8145f1ecb7

SHA256
9cb1b5e6c064228d764766a8fac89862a7eecaff7069d3d40869ade5cf49a525

SHA512
3c2a55d6439eabc8c21b5d4bbc8629a51cbdc40315fa6b3db74caf0e8ac3384f3d7518187e7194f2e9a85cfdab30383482d4bf9ca138158593db125a734e7ca0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 511371.crdownload

Filesize
11.3MB

MD5
f74499e70b52df7ba44e6d0324fb38c1

SHA1
a6320182c5ad76538555e9194a567125882dc9e0

SHA256
dc87ddda90da3d3b309124d7d68a1026f1c20955205cbbef46045e3399e03dca

SHA512
bac1459e1e05bd66a838758398470fe7dc441798e5bb35b843842cb3f587b60b948118a1477f518d56434b4c0a61934c847c36909f3f9a2270598449b62b77f1

Download Submit
C:\Users\Admin\Downloads\maceta.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2744-224-0x00007FFCA1B50000-0x00007FFCA1B74000-memory.dmp

Filesize
144KB

Download
memory/2744-267-0x00007FFCA76F0000-0x00007FFCA771D000-memory.dmp

Filesize
180KB

Download
memory/2744-208-0x00007FFC9FF50000-0x00007FFCA0006000-memory.dmp

Filesize
728KB

Download
memory/2744-176-0x00007FFCB2F00000-0x00007FFCB2F27000-memory.dmp

Filesize
156KB

Download
memory/2744-177-0x00007FFCB3250000-0x00007FFCB325F000-memory.dmp

Filesize
60KB

Download
memory/2744-225-0x00007FFC9FAC0000-0x00007FFC9FBD2000-memory.dmp

Filesize
1.1MB

Download
memory/2744-180-0x00007FFCB20B0000-0x00007FFCB20DE000-memory.dmp

Filesize
184KB

Download
memory/2744-189-0x00007FFCB15D0000-0x00007FFCB15FC000-memory.dmp

Filesize
176KB

Download
memory/2744-223-0x00007FFCB1F30000-0x00007FFCB1F3B000-memory.dmp

Filesize
44KB

Download
memory/2744-222-0x00007FFCB2160000-0x00007FFCB216D000-memory.dmp

Filesize
52KB

Download
memory/2744-221-0x00007FFCA7560000-0x00007FFCA7571000-memory.dmp

Filesize
68KB

Download
memory/2744-228-0x00007FFCA1B30000-0x00007FFCA1B4C000-memory.dmp

Filesize
112KB

Download
memory/2744-190-0x00007FFCAD850000-0x00007FFCAD880000-memory.dmp

Filesize
192KB

Download
memory/2744-210-0x000002794BA70000-0x000002794BDDF000-memory.dmp

Filesize
3.4MB

Download
memory/2744-207-0x00007FFCA76F0000-0x00007FFCA771D000-memory.dmp

Filesize
180KB

Download
memory/2744-200-0x00007FFCB2ED0000-0x00007FFCB2EDD000-memory.dmp

Filesize
52KB

Download
memory/2744-199-0x00007FFCAD830000-0x00007FFCAD84A000-memory.dmp

Filesize
104KB

Download
memory/2744-191-0x00007FFCA0010000-0x00007FFCA00D8000-memory.dmp

Filesize
800KB

Download
memory/2744-178-0x00007FFCB2170000-0x00007FFCB218C000-memory.dmp

Filesize
112KB

Download
memory/2744-233-0x00007FFCA00E0000-0x00007FFCA0525000-memory.dmp

Filesize
4.3MB

Download
memory/2744-165-0x00007FFCA00E0000-0x00007FFCA0525000-memory.dmp

Filesize
4.3MB

Download
memory/2744-256-0x00007FFCB2F00000-0x00007FFCB2F27000-memory.dmp

Filesize
156KB

Download
memory/2744-273-0x00007FFCA1B50000-0x00007FFCA1B74000-memory.dmp

Filesize
144KB

Download
memory/2744-269-0x00007FFC9FBE0000-0x00007FFC9FF4F000-memory.dmp

Filesize
3.4MB

Download
memory/2744-257-0x00007FFCA00E0000-0x00007FFCA0525000-memory.dmp

Filesize
4.3MB

Download
memory/2744-209-0x00007FFC9FBE0000-0x00007FFC9FF4F000-memory.dmp

Filesize
3.4MB

Download
memory/2744-265-0x00007FFCAD830000-0x00007FFCAD84A000-memory.dmp

Filesize
104KB

Download
memory/2744-264-0x00007FFCA0010000-0x00007FFCA00D8000-memory.dmp

Filesize
800KB

Download
memory/2744-263-0x00007FFCAD850000-0x00007FFCAD880000-memory.dmp

Filesize
192KB

Download
memory/2744-268-0x00007FFC9FF50000-0x00007FFCA0006000-memory.dmp

Filesize
728KB

Download
memory/2744-274-0x00007FFC9FAC0000-0x00007FFC9FBD2000-memory.dmp

Filesize
1.1MB

Download
memory/2744-293-0x00007FFCB1F30000-0x00007FFCB1F3B000-memory.dmp

Filesize
44KB

Download
memory/2744-296-0x00007FFCA1B30000-0x00007FFCA1B4C000-memory.dmp

Filesize
112KB

Download
memory/2744-295-0x00007FFC9FAC0000-0x00007FFC9FBD2000-memory.dmp

Filesize
1.1MB

Download
memory/2744-294-0x00007FFCA1B50000-0x00007FFCA1B74000-memory.dmp

Filesize
144KB

Download
memory/2744-292-0x00007FFCB2160000-0x00007FFCB216D000-memory.dmp

Filesize
52KB

Download
memory/2744-291-0x00007FFCA7560000-0x00007FFCA7571000-memory.dmp

Filesize
68KB

Download
memory/2744-290-0x00007FFC9FBE0000-0x00007FFC9FF4F000-memory.dmp

Filesize
3.4MB

Download
memory/2744-289-0x00007FFC9FF50000-0x00007FFCA0006000-memory.dmp

Filesize
728KB

Download
memory/2744-288-0x00007FFCA76F0000-0x00007FFCA771D000-memory.dmp

Filesize
180KB

Download
memory/2744-287-0x00007FFCB2ED0000-0x00007FFCB2EDD000-memory.dmp

Filesize
52KB

Download
memory/2744-286-0x00007FFCAD830000-0x00007FFCAD84A000-memory.dmp

Filesize
104KB

Download
memory/2744-285-0x00007FFCA0010000-0x00007FFCA00D8000-memory.dmp

Filesize
800KB

Download
memory/2744-284-0x00007FFCAD850000-0x00007FFCAD880000-memory.dmp

Filesize
192KB

Download
memory/2744-283-0x00007FFCB15D0000-0x00007FFCB15FC000-memory.dmp

Filesize
176KB

Download
memory/2744-282-0x00007FFCB20B0000-0x00007FFCB20DE000-memory.dmp

Filesize
184KB

Download
memory/2744-281-0x00007FFCB2170000-0x00007FFCB218C000-memory.dmp

Filesize
112KB

Download
memory/2744-280-0x00007FFCB3250000-0x00007FFCB325F000-memory.dmp

Filesize
60KB

Download
memory/2744-279-0x00007FFCB2F00000-0x00007FFCB2F27000-memory.dmp

Filesize
156KB

Download
memory/2744-278-0x00007FFCA00E0000-0x00007FFCA0525000-memory.dmp

Filesize
4.3MB

Download