d1159c74722e98b3a64ef9545835dc77f815411eac982c1600d559baf8f0408e

Analysis

max time kernel
2s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

064abfe570ed51ea5c42d975dbc72c4b.exe
Size

604KB
MD5

064abfe570ed51ea5c42d975dbc72c4b
SHA1

3edb95aa105fe628016ba0d1e54752e53ed61e8f
SHA256

d1159c74722e98b3a64ef9545835dc77f815411eac982c1600d559baf8f0408e
SHA512

6b204670645f621772caabf236578e2e5d931e14ca2b0bf3743d1023e41a96c15b566364cee8f759579f20d534abb81e10d375ca6f9396b977c1521c2ded5304
SSDEEP

12288:GwWMrqdGLxsoIjW9QVNo8hg0rOj24q6xGJOpq0RypiI3F:GtYqdGVsoGQQNrOj2J0GkpOpvF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3684	Utility.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Virtualized	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\IECompatUaCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\IECompatCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low	IEXPLORE.EXE

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Utility.exe	064abfe570ed51ea5c42d975dbc72c4b.exe
File opened for modification	C:\Windows\Utility.exe	064abfe570ed51ea5c42d975dbc72c4b.exe
File created	C:\Windows\Mangerr.DLL	Utility.exe
File created	C:\Windows\RAV2007.BAT	064abfe570ed51ea5c42d975dbc72c4b.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3108	872	WerFault.exe	18
5040	3684	WerFault.exe

Modifies data under HKEY_USERS 62 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft\RepService	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Connection Wizard	Utility.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2011090370"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\F12	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft\Internet Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main	Utility.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Connection Wizard\Completed = 01000000	Utility.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IETld	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\OperationalData = "12"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31079187"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Feeds	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Check_Associations = "no"	Utility.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 3740	872	064abfe570ed51ea5c42d975dbc72c4b.exe	32
PID 872 wrote to memory of 3740	872	064abfe570ed51ea5c42d975dbc72c4b.exe	32
PID 872 wrote to memory of 3740	872	064abfe570ed51ea5c42d975dbc72c4b.exe	32
PID 3684 wrote to memory of 3736	3684	Utility.exe	31
PID 3684 wrote to memory of 3736	3684	Utility.exe	31

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 872 -ip 872
1⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\064abfe570ed51ea5c42d975dbc72c4b.exe
"C:\Users\Admin\AppData\Local\Temp\064abfe570ed51ea5c42d975dbc72c4b.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 332
  2⤵
  - Program crash
  PID:3108
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\RAV2007.BAT
  2⤵
  PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3684 -ip 3684
1⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 320
1⤵
- Program crash
PID:5040

C:\Windows\Utility.exe
C:\Windows\Utility.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:3736

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3736 CREDAT:17410 /prefetch:2
1⤵
PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10054
  2⤵
  PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10054
    3⤵
    PID:4832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
      4⤵
      PID:3536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
      4⤵
      PID:2588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
      4⤵
      PID:2880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
      4⤵
      PID:3092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
      4⤵
      PID:2344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1
      4⤵
      PID:1680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
      4⤵
      PID:3744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2384 /prefetch:8
      4⤵
      PID:3992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
      4⤵
      PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
      4⤵
      PID:1960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      PID:5596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2296,2661774412985279518,17663524262394747615,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
      4⤵
      PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffce1646f8,0x7fffce164708,0x7fffce164718
1⤵
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff634a65460,0x7ff634a65470,0x7ff634a65480
1⤵
PID:5612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Mangerr.DLL

Filesize
1KB

MD5
d94241a90a995c4b6b3c79ce682aedf6

SHA1
9d1a4c8c4d4ea68b30f1c7787c468d87eb48c84f

SHA256
8b3475ee6bd29a4cdeaf790a17e81583038a82d3a2b51492d15d468a0e191695

SHA512
2ea07d0c04478940ada6bc2176ab7973de8bda90185f8c74b19e288f41d2933f4ec0e15a121c7dd72c30ab95da2153e13e32c0ca470d2f3a10013ba16a983028

Download Submit
C:\Windows\Mangerr.DLL

Filesize
21KB

MD5
bbfd6cd2de13366505daa2e6571c52b7

SHA1
843da6614b5a948dfde63099ed3359ae2ad948bf

SHA256
de64ddbae59b929e4567a78ac28099c0f76736a758229089e5935677c91fa20a

SHA512
17a8b0a50677903a3f754e6dcea3ab7d0cb283a1ddea5f19341ea5e4bc9672dc029a977ceb6bb1052f139dc9159774a5f4a457aa15172a5557042051a35587dc

Download Submit
C:\Windows\Mangerr.DLL

Filesize
14KB

MD5
21af716fe34e15c6c4083dc98d1f52ab

SHA1
161a47841d9560a7f52c7d8ce07704a4a9c71e2c

SHA256
462092e6989a979d617313cf8ff400f24b8ccc9d4d42d95ced68a151d5aebca6

SHA512
83adfc26759d1cfee28b301dc7865c73ea041a9f1d33f7f4fc8cfa815904c4a9af75324eb6635384f2f7b335038a9862f7253b544ff62cb2a28500b5ac050a2e

Download Submit
C:\Windows\Mangerr.DLL

Filesize
54KB

MD5
c607949376a06ee1858e43ee428145dc

SHA1
5ad8e5c8b82012be0d93249b90641815ee11e345

SHA256
fb4c17047aa189fdf6437ed1997546a9b37f6ef903903c63339fd14eed071d72

SHA512
6eac28185d08403704463a968381deebcd5a9fabd64040256c6ad69de4a3bde9622eeec190caf2e198a8be060c7d29c90ff6d68431eec3b516ed29d629555ea8

Download Submit
C:\Windows\Mangerr.DLL

Filesize
42KB

MD5
e8c1e26bd136629b82fb47c2d2ff0d35

SHA1
f9f02c94f724ddad4852cb665680087553cd7167

SHA256
55fd33bd15f2512dbb6ec6a235709a4b5091c6e852afa2c5926db51a1de1ba92

SHA512
14b42fd40e7ecc499e4b0533b01816c975f669ad5474fa685ea3fd4f7c69350ac194f22d7aa3e9cdf9660d56e2b6860c14a9258e3b1f9bafb864345488e9509b

Download Submit
C:\Windows\RAV2007.BAT

Filesize
190B

MD5
071de8c1538b7d552dc3cd8ef5e990c1

SHA1
a088163ebbd376160fdbe1e49921a410475bff82

SHA256
f70076dcab73e0e4d8c4831472eb8b45ccd0ced70404cc10963ed40db7a75d00

SHA512
34bb3b5be0dacae23e5ac4998a1e2bf0273eb6ed8e1fa77ffafc0ae9f08b5e4f9f972387b6aa4acb83fbef9c3e2ee29c49ffd6bbf595cacb9f98c36a342a0896

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\711385b2-89ae-4299-8c0e-74f84a327fe7.tmp

Filesize
11KB

MD5
f454e8fe1c2b8f7b9c7fd46ca6ef7723

SHA1
45ee54a799f1202a3fd5ec44a0356a92b0a273a7

SHA256
798a9a0e815b0ae749b908d1ce2dd3eb62be9771b5c0c35d6c8f6006710311ff

SHA512
8efdc795644fcaa545181d7155d3cbc30ad68f19332da1db8b7b31b364ae3fbd994a680dd9316b2db0df3cfa122b41d086598c5beef70a80602d9c766144f387

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1a9ff63272d04d2487cea432b28baee8

SHA1
90caa79f909b24c8aa90b1a78e1f92fe137e91d8

SHA256
3188fd6a2d1ec477730d636482cb3c6557e2caefb50d63e4e4a249e8ced4f75b

SHA512
c6f1c73bc9c6af3acae855aa65f3fc07e514c61ddd29a05a647abdc19f62a0676c9005908b7f8fc2a1b12fefe3e1d0e00a4d58eb8d867baf08cb709a25c327dc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39e085dc3f0d55d9629fde1d3a42a3cf

SHA1
18f35adf25f15dd8a794bdfebe92fb42660b3786

SHA256
84a3b20f409b6374400a425638e899e170f2cbd902729146b8b33d1978b23b85

SHA512
4831413b9089ec0bf50339437887e2fad4e94f540b8ba421c219d0693ba12136bb2e43386164e15878a8150663217765ec0439e99943c550870440ec4620296d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
48B

MD5
df6c12cffb7d4517677be651752cfde6

SHA1
67d94a632c38c3787b041e7f424ec2746fae746b

SHA256
cf775c4744e541c27a1beecd04cd87efa7f25b30eb85d2701cec57512fb24dac

SHA512
4c62825cb3f6087c4d87ec65b7cc6cab1b9241821e6cd36bdc717f60f8d03db473926a81a5e72ed476919d1e5b4965feaa1089f8e55c304b5197082adc33b41b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8973b36fdf90f0eb8d9e9d7bdb0d895b

SHA1
4ee813bf07356a7948e24fa3eb301d41e6041321

SHA256
6c4d5bc5acd98fa4d35e3892adf344d9162568706f0113ebb96e4855390fac87

SHA512
d78ab269d2fc3e88082c2df3cbac7dc10175d41c30bd7333ac2d5c57160b5a69f3b09912093925622a29cbcd8101bdf9c2ac1005eb7951196938defc04171324

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
167ce003d3b4a34d8f42033542dd359a

SHA1
116e62e7f8df617c06355408fde2471e4d332dc6

SHA256
cde72b705687def86de783a7cd644fd0cb0bc3d7a5643498c0baf1c2b64dc6b3

SHA512
3feb1f04cd173386397ed9c8d57bf3c0a8ef235c4d22b086c370a2f09a68ddb92bd843f01645745488f289e782f240d85932b7239f009d7e5718257bd40bc2b3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe574d35.TMP

Filesize
3KB

MD5
62cdbbafbca70b3c98b3521ea41355ed

SHA1
07f9b35bc08cfcf4f5e300cba3a19ff23c5ae8e9

SHA256
47c583862f58da05ff340da6edf0fccd5e1a7c9a11430a4991c04b2f35247c9e

SHA512
fddadf06ffcacb75879be36fc87f6f42fb88a7bd34d2c0ec8c29614dda3921237c3c2f72e460d731db075bde223da39de49bdab19bd61d357e842bc1da91487e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
1KB

MD5
3c19d5fc5e0674a61cf4b2e9888bd302

SHA1
48b1f4751ecb1c43688f81970503ca094f865ea2

SHA256
b7efdd39d3ec02b5084755a32c1f6efd45ef5f63816a12feb73562157b401f03

SHA512
edc123fb17373e5681870375671cbeaae18bd283b0461f0d65ed83552c530bee5822818bf84f10c2d90c293a69d14d70738eec694e766047a4aac7cfbd6973a2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe5776d6.TMP

Filesize
15KB

MD5
28456e6ab8ab3dd87968636c9960db7f

SHA1
7eceba32b76a5f1ffc18c696e7ddaa3c034ba9af

SHA256
da9f7f765df057ada9775e970c9bffba500e7dc4b75392c91fb5839e80eae59d

SHA512
0b77c198c98548eb5269f80add6f79287b105721d4f5c34ab69338f8e2b1f575976f678dfe4e8c63b52a662a8136223dc8fcbb448a7aa4bad0155d08c9a943e5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\f0a6f791-490c-4121-99a1-7d4a700b7031.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\b11659e5-ed64-4221-91f3-30c9436708a3.tmp

Filesize
28KB

MD5
f8192449fcd55a6c53e201503f11f5bd

SHA1
c54f0efa33ee80be13cee8188baa1a2e78f56f76

SHA256
2c35e6cd79b396d410397753bcb8ffeac77af66fabd1b409d7bfc150b33b0652

SHA512
f1aaa655f213add09e5ec1888bd91daf4985643285f138457378b385c143c73dd70c39c8192728e6ffba5382317771c423c11d68fcda51a9ba0a0dac0e62056f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
41KB

MD5
cef455b7e4c8a8a3c876493b816f6cd1

SHA1
c1745f342da1b254f0c3eec6a85e89b6634608fc

SHA256
fa432947d86ea9b4aa15829c4df5245baf1d2d30c804a11fec08cf91029b4bf4

SHA512
b53da09492d674217a3801ff0146e6269b5d13732d705a185b90672e2a13201c74004146e370c329928a056183c874ff893db3df4fc6b46908bd2ab42bbedb17

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
402B

MD5
881dfac93652edb0a8228029ba92d0f5

SHA1
5b317253a63fecb167bf07befa05c5ed09c4ccea

SHA256
a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

SHA512
592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

Download Submit
C:\Windows\Utility.exe

Filesize
1KB

MD5
24a9959a40a4c27fa42868502b532c7e

SHA1
625fe473a619a4577db4c58cf491c98815df290f

SHA256
2e9c19f14992228493d0ee4b162b4922a931e64f2fe22371f5d03d8e9ba58918

SHA512
7f825398423cf1a28b7e8a41b1b80b7647b6f44530af45840d22d5729b78b00c95915b20bd98e87313732b187b178e630814bfd80e5ab850b33da60f2c77dd4a

Download Submit
C:\Windows\Utility.exe

Filesize
604KB

MD5
064abfe570ed51ea5c42d975dbc72c4b

SHA1
3edb95aa105fe628016ba0d1e54752e53ed61e8f

SHA256
d1159c74722e98b3a64ef9545835dc77f815411eac982c1600d559baf8f0408e

SHA512
6b204670645f621772caabf236578e2e5d931e14ca2b0bf3743d1023e41a96c15b566364cee8f759579f20d534abb81e10d375ca6f9396b977c1521c2ded5304

Download Submit
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d161e74c6a702b0866f81d67019d806

SHA1
e25aa0f99ebeb259f322c6f9d2411a527ade349c

SHA256
6287cc81d622ad49086644999270e3a26bf6ad05580cddc1c395cb8524bfdefe

SHA512
b21d8d9468a08cd067c2a142be0e3e6dfe3eb4b82e435726e953c980fff39c1b35d4ce208c7295295dd191b62a092cd5ef7eee2c0d4b9a18643d6d89dc416332

Download Submit
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
memory/872-33-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/872-16-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-43-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-44-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/872-114-0x0000000000400000-0x0000000000541000-memory.dmp

Filesize
1.3MB

Download
memory/872-45-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-46-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-47-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-48-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-49-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-41-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/872-39-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/872-38-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-37-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/872-36-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/872-35-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/872-34-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/872-0-0x0000000000400000-0x0000000000541000-memory.dmp

Filesize
1.3MB

Download
memory/872-32-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/872-31-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-30-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-29-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-28-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-27-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-26-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-25-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-24-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-22-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-21-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-20-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-19-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-18-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-17-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-42-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/872-15-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/872-14-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-13-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-11-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-10-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-9-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/872-8-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/872-7-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/872-6-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/872-5-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/872-3-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/872-2-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/872-50-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-52-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-1-0x0000000000B50000-0x0000000000BAA000-memory.dmp

Filesize
360KB

Download
memory/872-53-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-54-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-55-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-56-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-58-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-59-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-12-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-23-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-60-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-61-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-62-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-63-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-64-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-57-0x00000000033A0000-0x00000000034A0000-memory.dmp

Filesize
1024KB

Download
memory/872-51-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/872-40-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/3684-377-0x0000000000400000-0x0000000000541000-memory.dmp

Filesize
1.3MB

Download
memory/3684-378-0x0000000002290000-0x0000000002327000-memory.dmp

Filesize
604KB

Download
memory/3684-338-0x0000000002290000-0x0000000002327000-memory.dmp

Filesize
604KB

Download