hxxp://www[.]devecchi[.]com/wp-content/uploads/fusion-scripts/Wallet[.]exe

Analysis

max time kernel
1s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.devecchi.com/wp-content/uploads/fusion-scripts/Wallet.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
82	ip-api.com

Program crash 32 IoCs

pid	pid_target	Process	procid_target
4772	2172	WerFault.exe	125
1504	5328	WerFault.exe	134
3756	5808	WerFault.exe	136
60	5344	WerFault.exe	145
3108	316	WerFault.exe	124
5608	6116	WerFault.exe	154
1904	5648	WerFault.exe	152
4908	5328	WerFault.exe	162
4604	2004	WerFault.exe	160
3476	5940	WerFault.exe	168
3508	5620	WerFault.exe	177
3836	5440	WerFault.exe	175
3516	4624	WerFault.exe	185
5108	5648	WerFault.exe	183
1364	5784	WerFault.exe	193
4996	5660	WerFault.exe	191
5808	412	WerFault.exe	201
5964	5452	WerFault.exe	199
4684	4980	WerFault.exe	209
4840	6100	WerFault.exe	207
3420	5496	WerFault.exe	217
5152	5576	WerFault.exe	215
2700	1872	WerFault.exe	225
4224	2388	WerFault.exe	223
4244	5776	WerFault.exe	234
5380	5452	WerFault.exe	232
2124	1872	WerFault.exe	240
5484	2372	WerFault.exe	247
5740	5352	WerFault.exe	245
5528	4344	WerFault.exe	253
3892	2508	WerFault.exe	260
5756	5540	WerFault.exe	258

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 5092	4408	msedge.exe	14
PID 4408 wrote to memory of 5092	4408	msedge.exe	14
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 3628	4408	msedge.exe	29
PID 4408 wrote to memory of 2492	4408	msedge.exe	26
PID 4408 wrote to memory of 2492	4408	msedge.exe	26
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24
PID 4408 wrote to memory of 2320	4408	msedge.exe	24

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d17c46f8,0x7ff8d17c4708,0x7ff8d17c4718
1⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.devecchi.com/wp-content/uploads/fusion-scripts/Wallet.exe
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:4120
- C:\Users\Admin\Downloads\Wallet.exe
  "C:\Users\Admin\Downloads\Wallet.exe"
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8357707499451236634,7330230902735819343,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6296 /prefetch:2
  2⤵
  PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:392

C:\Users\Admin\Downloads\Wallet.exe
"C:\Users\Admin\Downloads\Wallet.exe"
1⤵
PID:2984
- C:\Users\Public\Downloads\wtrezapp.exe
  "C:\Users\Public\Downloads\wtrezapp.exe"
  2⤵
  PID:316
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 316 -s 2124
    3⤵
    - Program crash
    PID:3108

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2172
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2172 -s 6104
  2⤵
  - Program crash
  PID:4772

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3528

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 2172 -ip 2172
1⤵
PID:5052

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5328
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5328 -s 5708
  2⤵
  - Program crash
  PID:1504

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5640

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5808
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5808 -s 3800
  2⤵
  - Program crash
  PID:3756

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 5808 -ip 5808
1⤵
PID:4684

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 5328 -ip 5328
1⤵
PID:3464

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4364

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5344
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5344 -s 6164
  2⤵
  - Program crash
  PID:60

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5316

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 180 -p 5344 -ip 5344
1⤵
PID:1520

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 556 -p 316 -ip 316
1⤵
PID:4244

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5648 -s 7580
  2⤵
  - Program crash
  PID:1904

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5680

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:6116
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 6116 -s 3580
  2⤵
  - Program crash
  PID:5608

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 6116 -ip 6116
1⤵
PID:5556

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 600 -p 5648 -ip 5648
1⤵
PID:1632

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2004
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2004 -s 7492
  2⤵
  - Program crash
  PID:4604

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5844

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5328
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5328 -s 2848
  2⤵
  - Program crash
  PID:4908

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 5328 -ip 5328
1⤵
PID:1520

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 2004 -ip 2004
1⤵
PID:3996

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5940
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5940 -s 5652
  2⤵
  - Program crash
  PID:3476

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3464

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 508 -p 5940 -ip 5940
1⤵
PID:4288

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5440
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5440 -s 7496
  2⤵
  - Program crash
  PID:3836

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5924

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5620
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5620 -s 2876
  2⤵
  - Program crash
  PID:3508

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 572 -p 5620 -ip 5620
1⤵
PID:4548

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 5440 -ip 5440
1⤵
PID:3668

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5648 -s 3420
  2⤵
  - Program crash
  PID:5108

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2588

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4624
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4624 -s 3556
  2⤵
  - Program crash
  PID:3516

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 604 -p 4624 -ip 4624
1⤵
PID:5820

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 508 -p 5648 -ip 5648
1⤵
PID:1764

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5660
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5660 -s 5964
  2⤵
  - Program crash
  PID:4996

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2180

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5784
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5784 -s 3592
  2⤵
  - Program crash
  PID:1364

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 5784 -ip 5784
1⤵
PID:5728

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 5660 -ip 5660
1⤵
PID:5504

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5452
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5452 -s 5852
  2⤵
  - Program crash
  PID:5964

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4500

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:412
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 412 -s 3532
  2⤵
  - Program crash
  PID:5808

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 592 -p 412 -ip 412
1⤵
PID:3612

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 488 -p 5452 -ip 5452
1⤵
PID:5416

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:6100
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 6100 -s 5980
  2⤵
  - Program crash
  PID:4840

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5916

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4980
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4980 -s 3548
  2⤵
  - Program crash
  PID:4684

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 588 -p 4980 -ip 4980
1⤵
PID:1196

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 6100 -ip 6100
1⤵
PID:2484

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5576
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5576 -s 7312
  2⤵
  - Program crash
  PID:5152

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5868

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5496
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5496 -s 3572
  2⤵
  - Program crash
  PID:3420

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 5496 -ip 5496
1⤵
PID:4796

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 5576 -ip 5576
1⤵
PID:4344

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2388
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2388 -s 7352
  2⤵
  - Program crash
  PID:4224

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:4288

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:1872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1872 -s 3556
  2⤵
  - Program crash
  PID:2700

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 192 -p 1872 -ip 1872
1⤵
PID:3324

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 2388 -ip 2388
1⤵
PID:4684

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5452
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5452 -s 7436
  2⤵
  - Program crash
  PID:5380

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3396

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5776
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5776 -s 2968
  2⤵
  - Program crash
  PID:4244

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 5776 -ip 5776
1⤵
PID:1568

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 624 -p 5452 -ip 5452
1⤵
PID:6024

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1872 -s 6092
  2⤵
  - Program crash
  PID:2124

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:2692

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 424 -p 1872 -ip 1872
1⤵
PID:1132

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5352
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5352 -s 7488
  2⤵
  - Program crash
  PID:5740

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5332

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2372
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2372 -s 3564
  2⤵
  - Program crash
  PID:5484

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 556 -p 2372 -ip 2372
1⤵
PID:5464

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 576 -p 5352 -ip 5352
1⤵
PID:1468

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4344
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4344 -s 5824
  2⤵
  - Program crash
  PID:5528

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5488

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 4344 -ip 4344
1⤵
PID:4132

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5540
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 5540 -s 5656
  2⤵
  - Program crash
  PID:5756

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5464

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2508 -s 3536
  2⤵
  - Program crash
  PID:3892

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 612 -p 2508 -ip 2508
1⤵
PID:5748

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 660 -p 5540 -ip 5540
1⤵
PID:2588

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5328

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5528

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
1KB

MD5
9e5b2d1cb98985b222237e7f3686b464

SHA1
1faa1fdc248870b32752dc09f9a6b0192434f12a

SHA256
de69ba376066ef9cd158dae4ba27824387f00ff2b76d6233af6067237068f7ae

SHA512
8b3ef5dbd2f9301963abf9c81767dd066eb04822a0193c416c20e300f1657ab72f7063561eec2c03513b49d81019a7e0835248cf076072b9803f5a6e7d6a377d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

Filesize
404B

MD5
43ad9c5974e29099d2223deee459de8e

SHA1
4f6288d21874961ae61340e13efb64f403989184

SHA256
8e7787885f41c64fb1907923ed16131ba7404d48a9bace53599d90178ae1f5a5

SHA512
3cde50b7abe800f1eac181d95ed8253dd79ad2fb76b79f23caae63b8089ec4a15a8fde3855bd07e1e17c04d5eab0705246ba944690735fd6020cc31e2ab729ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d1923069f3c1f68695cd63e8bee0d70

SHA1
d1f18bd1a5cb689a72155c3ce3fbb1d96015dcc7

SHA256
6a71cf68324aff4b721b7adc0d8d56b398ac056bc9f9bd5fd3599ea150238f42

SHA512
bef64dd5d8edc535b63b5bd129f30903f4b252a125a0a5bfd987c74b81df95ab76ea09021ff3f223893d4cc919c4deaa5cb6556ab6424776502f12fd667c67f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d98a7643105332b403a7b4a2ee08df50

SHA1
4c04ff04c31340bba62ad8424ddf143264537068

SHA256
0b169f0f8a92b57b92abbbab9eac57b79b14e949294ebd0126650faa6b19a97a

SHA512
ca9a1d7411a0db4f3b1ac0fac335045c3a4fab8a4cccab2779debda20cd34971ef710ed9c67895c7f36f86bc36bd293761b38ed473caa76bfcae38c31e230bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb37bb2e1ce61b14fdebcf70faa03685

SHA1
bfc7fbce6125d7655dcc3cdd3cd43206249bb3b5

SHA256
bf5075a27b2e8a30fd8f16cdad732df2add85f26ee9b2756eb07e962b38eba3e

SHA512
edcc6a21522f9db799631fc2664a7d08a3d7f5e9de7bab4a6c84843a0bf0de6b187755adf888c152332fd934045f790e21004d17099d17d4d3d0cbad1af87cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
948c65a42ba59bf73dbf9a4dbd2b1332

SHA1
919f45d9e2feb123664205e55ed6c3c8cc7e3803

SHA256
aeff29d0d51709257cb6769506a65c2c2a6dcdac2569835b5d2032a231f68ac3

SHA512
fa1ed75a64136283eecaf49c1cbaee3dd34858704ab7f9193cb1ac91babe3629c3aea5ff1e2891012a4c791fd488bf9b0c5836633b7b0312ee27c05c09955a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a92ef1d50504d16ccdf6277ca7ffc584

SHA1
42398ebe885f992e0f2ca066108c1e865a77b3c8

SHA256
0c72c7143dfce98fe2ace0f44ae53f99f23e9e666b903d8018bbb7c1cfcd722a

SHA512
e41b633d2edf1153ba12018ad6c550712d5b2c18841787b4dcf41466b0a3e315d46a1fd0c320a0cf1134ea01d935a087a8f88e6dcf95a323915d4337dd4fa04a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
de4e1121dcbfe16aa38d0eb4dbd43227

SHA1
fd9cfbc4259a73b50949f69e41c6ed9fb48e8d7d

SHA256
c358e014743ed03d6c5a0618f683b34def223bf09bf72264fa808234f45d4851

SHA512
db15aab06fbe725a14c6c425fa462cb66d19a0caa7326a7c7b88913fc1f5f24c21e7a85a4806e4f121dd97bd5eeb5bb70c811f7945ceabb0e461335f33829381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ca08f8ab-2fed-4501-bed2-d3912ce2c4e2.tmp

Filesize
12KB

MD5
948c65a42ba59bf73dbf9a4dbd2b1332

SHA1
919f45d9e2feb123664205e55ed6c3c8cc7e3803

SHA256
aeff29d0d51709257cb6769506a65c2c2a6dcdac2569835b5d2032a231f68ac3

SHA512
fa1ed75a64136283eecaf49c1cbaee3dd34858704ab7f9193cb1ac91babe3629c3aea5ff1e2891012a4c791fd488bf9b0c5836633b7b0312ee27c05c09955a28

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\7ZZHJ0NR\microsoft.windows[1].xml

Filesize
97B

MD5
75fdba27ae111f9312c9b243a5e22d02

SHA1
0bbbf13546b05600dbeb285609adcff5e12c2e24

SHA256
62198536b21cc7cad5b396303999bb4ad75ad784e120525be4b8b8a503f05d89

SHA512
855ad3a011f011fc715020029dfce87fd1812bd6d94b5aafdc731b591fe24c681048009427d22da931fc13a1b7cdbca5e8336a79f03d6e226d9984118f2a306c

Download Submit
C:\Users\Admin\Downloads\Wallet.exe

Filesize
326KB

MD5
f8e6425f51d262f94758c86fe2b936bf

SHA1
d069aa6a1b30b72f01c253eed15d282edcdf71cb

SHA256
291885e66da48c5ea16c3552a947993bda7f8fcf6572aad611adc59ed276897f

SHA512
3904efe44efc24fe2ab92b1370180ee5a40bf8c91c315c0ad3ea0db07dafe0945527b0da9794471f6212dff64994c718ecfd5be779b2cd85297f723793584d9c

Download Submit
C:\Users\Admin\Downloads\Wallet.exe

Filesize
326KB

MD5
f8e6425f51d262f94758c86fe2b936bf

SHA1
d069aa6a1b30b72f01c253eed15d282edcdf71cb

SHA256
291885e66da48c5ea16c3552a947993bda7f8fcf6572aad611adc59ed276897f

SHA512
3904efe44efc24fe2ab92b1370180ee5a40bf8c91c315c0ad3ea0db07dafe0945527b0da9794471f6212dff64994c718ecfd5be779b2cd85297f723793584d9c

Download Submit
C:\Users\Admin\Downloads\Wallet.exe

Filesize
326KB

MD5
f8e6425f51d262f94758c86fe2b936bf

SHA1
d069aa6a1b30b72f01c253eed15d282edcdf71cb

SHA256
291885e66da48c5ea16c3552a947993bda7f8fcf6572aad611adc59ed276897f

SHA512
3904efe44efc24fe2ab92b1370180ee5a40bf8c91c315c0ad3ea0db07dafe0945527b0da9794471f6212dff64994c718ecfd5be779b2cd85297f723793584d9c

Download Submit
C:\Users\Admin\Downloads\Wallet.exe

Filesize
326KB

MD5
f8e6425f51d262f94758c86fe2b936bf

SHA1
d069aa6a1b30b72f01c253eed15d282edcdf71cb

SHA256
291885e66da48c5ea16c3552a947993bda7f8fcf6572aad611adc59ed276897f

SHA512
3904efe44efc24fe2ab92b1370180ee5a40bf8c91c315c0ad3ea0db07dafe0945527b0da9794471f6212dff64994c718ecfd5be779b2cd85297f723793584d9c

Download Submit
C:\Users\Public\Downloads\wtrezapp.exe

Filesize
161KB

MD5
27252c2e50a5f969369badffdfe85745

SHA1
53ddb82365ebbe995ee4a7b82dab613fb97a795e

SHA256
5d67b2272af3e3c2f75f1b1efeab9717bb67a611352945f30fda8a8f9d079e79

SHA512
f56948ad6d98ed0787e066b77ac814a5885480083d51d3dfccab5bcbe88923f84c8f67b043cea1321e9567a9b516360f814202ff0ac778601f462cfec288139f

Download Submit
C:\Users\Public\Downloads\wtrezapp.exe

Filesize
161KB

MD5
27252c2e50a5f969369badffdfe85745

SHA1
53ddb82365ebbe995ee4a7b82dab613fb97a795e

SHA256
5d67b2272af3e3c2f75f1b1efeab9717bb67a611352945f30fda8a8f9d079e79

SHA512
f56948ad6d98ed0787e066b77ac814a5885480083d51d3dfccab5bcbe88923f84c8f67b043cea1321e9567a9b516360f814202ff0ac778601f462cfec288139f

Download Submit
C:\Users\Public\Downloads\wtrezapp.exe

Filesize
161KB

MD5
27252c2e50a5f969369badffdfe85745

SHA1
53ddb82365ebbe995ee4a7b82dab613fb97a795e

SHA256
5d67b2272af3e3c2f75f1b1efeab9717bb67a611352945f30fda8a8f9d079e79

SHA512
f56948ad6d98ed0787e066b77ac814a5885480083d51d3dfccab5bcbe88923f84c8f67b043cea1321e9567a9b516360f814202ff0ac778601f462cfec288139f

Download Submit
memory/316-287-0x0000000000D80000-0x0000000000DAA000-memory.dmp

Filesize
168KB

Download
memory/316-290-0x000000001BA30000-0x000000001BA40000-memory.dmp

Filesize
64KB

Download
memory/316-289-0x00007FF8BDFC0000-0x00007FF8BEA81000-memory.dmp

Filesize
10.8MB

Download
memory/316-307-0x00007FF8BDFC0000-0x00007FF8BEA81000-memory.dmp

Filesize
10.8MB

Download
memory/316-309-0x000000001BA30000-0x000000001BA40000-memory.dmp

Filesize
64KB

Download
memory/316-352-0x00007FF8BDFC0000-0x00007FF8BEA81000-memory.dmp

Filesize
10.8MB

Download
memory/412-495-0x000001A01FF10000-0x000001A01FF30000-memory.dmp

Filesize
128KB

Download
memory/412-489-0x000001A01FB40000-0x000001A01FB60000-memory.dmp

Filesize
128KB

Download
memory/412-493-0x000001A01FB00000-0x000001A01FB20000-memory.dmp

Filesize
128KB

Download
memory/412-500-0x000001981E200000-0x000001981E97A000-memory.dmp

Filesize
7.5MB

Download
memory/1872-560-0x0000016D020D0000-0x0000016D0284A000-memory.dmp

Filesize
7.5MB

Download
memory/1872-550-0x0000016D03CD0000-0x0000016D03CF0000-memory.dmp

Filesize
128KB

Download
memory/1872-553-0x0000016D03C50000-0x0000016D03C70000-memory.dmp

Filesize
128KB

Download
memory/1872-556-0x0000016D042E0000-0x0000016D04300000-memory.dmp

Filesize
128KB

Download
memory/2004-380-0x00000000042D0000-0x00000000042D1000-memory.dmp

Filesize
4KB

Download
memory/2244-268-0x00000000059B0000-0x00000000059C0000-memory.dmp

Filesize
64KB

Download
memory/2244-266-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download
memory/2244-260-0x00000000059B0000-0x00000000059C0000-memory.dmp

Filesize
64KB

Download
memory/2244-257-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download
memory/2244-256-0x0000000000EF0000-0x0000000000F40000-memory.dmp

Filesize
320KB

Download
memory/2244-259-0x0000000005810000-0x00000000058A2000-memory.dmp

Filesize
584KB

Download
memory/2244-258-0x0000000005D20000-0x00000000062C4000-memory.dmp

Filesize
5.6MB

Download
memory/2244-261-0x0000000005790000-0x000000000579A000-memory.dmp

Filesize
40KB

Download
memory/2372-604-0x0000020ACF440000-0x0000020ACF460000-memory.dmp

Filesize
128KB

Download
memory/2372-598-0x0000020ACF070000-0x0000020ACF090000-memory.dmp

Filesize
128KB

Download
memory/2372-601-0x0000020ACF030000-0x0000020ACF050000-memory.dmp

Filesize
128KB

Download
memory/2372-612-0x00000202CC400000-0x00000202CCB7A000-memory.dmp

Filesize
7.5MB

Download
memory/2388-543-0x0000000004790000-0x0000000004791000-memory.dmp

Filesize
4KB

Download
memory/2508-626-0x000001C7CCC90000-0x000001C7CCCB0000-memory.dmp

Filesize
128KB

Download
memory/2508-623-0x000001C7CCCD0000-0x000001C7CCCF0000-memory.dmp

Filesize
128KB

Download
memory/2508-628-0x000001C7CD2A0000-0x000001C7CD2C0000-memory.dmp

Filesize
128KB

Download
memory/2508-646-0x000001BFCB240000-0x000001BFCB9BA000-memory.dmp

Filesize
7.5MB

Download
memory/2984-269-0x0000000006C80000-0x0000000006C8A000-memory.dmp

Filesize
40KB

Download
memory/2984-265-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download
memory/2984-267-0x0000000005800000-0x0000000005810000-memory.dmp

Filesize
64KB

Download
memory/2984-271-0x0000000009620000-0x0000000009632000-memory.dmp

Filesize
72KB

Download
memory/2984-288-0x0000000074600000-0x0000000074DB0000-memory.dmp

Filesize
7.7MB

Download
memory/4624-447-0x0000016654EB0000-0x0000016654ED0000-memory.dmp

Filesize
128KB

Download
memory/4624-455-0x0000015E51E00000-0x0000015E5372F000-memory.dmp

Filesize
25.2MB

Download
memory/4624-444-0x00000166547A0000-0x00000166547C0000-memory.dmp

Filesize
128KB

Download
memory/4624-441-0x00000166547E0000-0x0000016654800000-memory.dmp

Filesize
128KB

Download
memory/4980-516-0x00000163BDAF0000-0x00000163BDB10000-memory.dmp

Filesize
128KB

Download
memory/4980-510-0x00000163BD690000-0x00000163BD6B0000-memory.dmp

Filesize
128KB

Download
memory/4980-520-0x0000015BBC000000-0x0000015BBC77A000-memory.dmp

Filesize
7.5MB

Download
memory/4980-513-0x00000163BD650000-0x00000163BD670000-memory.dmp

Filesize
128KB

Download
memory/5328-390-0x000001E462630000-0x000001E462650000-memory.dmp

Filesize
128KB

Download
memory/5328-311-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/5328-394-0x000001E462A40000-0x000001E462A60000-memory.dmp

Filesize
128KB

Download
memory/5328-387-0x000001E462670000-0x000001E462690000-memory.dmp

Filesize
128KB

Download
memory/5352-591-0x0000000004A50000-0x0000000004A51000-memory.dmp

Filesize
4KB

Download
memory/5440-413-0x0000000004D00000-0x0000000004D01000-memory.dmp

Filesize
4KB

Download
memory/5452-565-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/5452-481-0x00000000040C0000-0x00000000040C1000-memory.dmp

Filesize
4KB

Download
memory/5496-529-0x0000021A2DA20000-0x0000021A2DA40000-memory.dmp

Filesize
128KB

Download
memory/5496-532-0x0000021A2D7D0000-0x0000021A2D7F0000-memory.dmp

Filesize
128KB

Download
memory/5496-535-0x0000021A2DE10000-0x0000021A2DE30000-memory.dmp

Filesize
128KB

Download
memory/5496-540-0x000002122C000000-0x000002122C77A000-memory.dmp

Filesize
7.5MB

Download
memory/5540-615-0x0000000004240000-0x0000000004241000-memory.dmp

Filesize
4KB

Download
memory/5576-522-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/5620-422-0x0000016A37060000-0x0000016A37080000-memory.dmp

Filesize
128KB

Download
memory/5620-425-0x0000016A37680000-0x0000016A376A0000-memory.dmp

Filesize
128KB

Download
memory/5620-420-0x0000016A370A0000-0x0000016A370C0000-memory.dmp

Filesize
128KB

Download
memory/5620-431-0x00000162344A0000-0x0000016235DCF000-memory.dmp

Filesize
25.2MB

Download
memory/5648-433-0x0000000004C10000-0x0000000004C11000-memory.dmp

Filesize
4KB

Download
memory/5648-356-0x0000000004620000-0x0000000004621000-memory.dmp

Filesize
4KB

Download
memory/5660-458-0x0000000004E20000-0x0000000004E21000-memory.dmp

Filesize
4KB

Download
memory/5776-571-0x0000025751970000-0x0000025751990000-memory.dmp

Filesize
128KB

Download
memory/5776-574-0x0000025751930000-0x0000025751950000-memory.dmp

Filesize
128KB

Download
memory/5776-578-0x0000025751F40000-0x0000025751F60000-memory.dmp

Filesize
128KB

Download
memory/5776-585-0x0000024F50000000-0x0000024F5077A000-memory.dmp

Filesize
7.5MB

Download
memory/5784-465-0x0000021AB8990000-0x0000021AB89B0000-memory.dmp

Filesize
128KB

Download
memory/5784-468-0x0000021AB8950000-0x0000021AB8970000-memory.dmp

Filesize
128KB

Download
memory/5784-471-0x0000021AB8DF0000-0x0000021AB8E10000-memory.dmp

Filesize
128KB

Download
memory/5784-479-0x00000212B5C00000-0x00000212B752F000-memory.dmp

Filesize
25.2MB

Download
memory/5808-324-0x000002F98A950000-0x000002F98A970000-memory.dmp

Filesize
128KB

Download
memory/5808-320-0x000002F98A340000-0x000002F98A360000-memory.dmp

Filesize
128KB

Download
memory/5808-317-0x000002F98A380000-0x000002F98A3A0000-memory.dmp

Filesize
128KB

Download
memory/6100-503-0x0000000004E20000-0x0000000004E21000-memory.dmp

Filesize
4KB

Download
memory/6116-367-0x0000013E52BA0000-0x0000013E52BC0000-memory.dmp

Filesize
128KB

Download
memory/6116-369-0x0000013E53050000-0x0000013E53070000-memory.dmp

Filesize
128KB

Download
memory/6116-364-0x0000013E52BE0000-0x0000013E52C00000-memory.dmp

Filesize
128KB

Download