Overview

overview

10

Static

static

3

7caf240db9...88.exe

windows7-x64

10

7caf240db9...88.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-01-2025 23:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7caf240db905f259197cf71b03acf888.exe

  • Size

    960KB

  • MD5

    7caf240db905f259197cf71b03acf888

  • SHA1

    d8d9726a0a67795a01fed368055d9315feada3fd

  • SHA256

    c8017f526793dd8b6b6e98bfa9847fcf3aa7c4096a8432719a8324e06ba8c088

  • SHA512

    1f9464e14d33bfab44dfc85486bea31126a26929e04eae1159e6ecc886aa79877ca29aa93e614512625000d153e090c06b3b2081f9cbc1e8997ad26e59097255

  • SSDEEP

    24576:GzrpUdcKiEWIXZ4aQJkf1dedJNxkTeGnAoEe:cpKiEWIJ4aWkfjedxkTeGAo9

Score
10/10
hawkeyeremcosgraiasdiscoveryexecutionkeyloggerpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

remcos

Botnet

Graias

C2

185.234.72.215:4444

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    graias.exe

  • copy_folder

    Graias

  • delete_file

    false

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    graias

  • mouse_option

    false

  • mutex

    Rmc-O844B9

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye
  • Hawkeye family
    hawkeye
  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 8 IoCs
  • Suspicious use of SetThreadContext 9 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7caf240db905f259197cf71b03acf888.exe
    "C:\Users\Admin\AppData\Local\Temp\7caf240db905f259197cf71b03acf888.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\7caf240db905f259197cf71b03acf888.exe"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5076
    • C:\Users\Admin\AppData\Local\Temp\7caf240db905f259197cf71b03acf888.exe
      "C:\Users\Admin\AppData\Local\Temp\7caf240db905f259197cf71b03acf888.exe"
      2⤵
      • Checks computer location settings
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
        "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5044
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4724
        • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
          "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4512
          • C:\Windows\SysWOW64\svchost.exe
            svchost.exe
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1264
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
              6⤵
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:1708
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                7⤵
                  PID:3100
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
                  7⤵
                    PID:3456
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
                    7⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2420
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
                    7⤵
                      PID:244
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                      7⤵
                        PID:4516
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
                        7⤵
                          PID:4764
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                          7⤵
                            PID:4752
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
                            7⤵
                              PID:2852
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
                              7⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4092
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
                              7⤵
                                PID:1032
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                                7⤵
                                  PID:1100
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                                  7⤵
                                    PID:4832
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                                    7⤵
                                      PID:4936
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                                      7⤵
                                        PID:5408
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                                        7⤵
                                          PID:5504
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
                                          7⤵
                                            PID:6008
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                                            7⤵
                                              PID:6104
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
                                              7⤵
                                                PID:320
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                                7⤵
                                                  PID:5548
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                                                  7⤵
                                                    PID:5884
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
                                                    7⤵
                                                      PID:4760
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
                                                      7⤵
                                                        PID:5604
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
                                                        7⤵
                                                          PID:2928
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                                          7⤵
                                                            PID:948
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
                                                            7⤵
                                                              PID:5152
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
                                                              7⤵
                                                                PID:5672
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
                                                                7⤵
                                                                  PID:2796
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
                                                                  7⤵
                                                                    PID:1128
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
                                                                    7⤵
                                                                      PID:5796
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
                                                                      7⤵
                                                                        PID:5936
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
                                                                        7⤵
                                                                          PID:1748
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
                                                                          7⤵
                                                                            PID:1176
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                                                                            7⤵
                                                                              PID:952
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
                                                                              7⤵
                                                                                PID:5544
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3151467583282807477,9222290514646059923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
                                                                                7⤵
                                                                                  PID:3980
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                6⤵
                                                                                  PID:5316
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                    7⤵
                                                                                      PID:5332
                                                                                • C:\Windows\SysWOW64\dxdiag.exe
                                                                                  "C:\Windows\System32\dxdiag.exe" /t C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
                                                                                  5⤵
                                                                                  • Drops file in System32 directory
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Checks SCSI registry key(s)
                                                                                  • Modifies registry class
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:1548
                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                  svchost.exe
                                                                                  5⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5340
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                    6⤵
                                                                                      PID:5944
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                        7⤵
                                                                                          PID:5956
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                        6⤵
                                                                                          PID:5236
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                            7⤵
                                                                                              PID:5248
                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                          svchost.exe
                                                                                          5⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:5284
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                            6⤵
                                                                                              PID:5820
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                7⤵
                                                                                                  PID:5848
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                6⤵
                                                                                                  PID:5324
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                    7⤵
                                                                                                      PID:6020
                                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                                  svchost.exe
                                                                                                  5⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:3820
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                    6⤵
                                                                                                      PID:5356
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                        7⤵
                                                                                                          PID:5876
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                        6⤵
                                                                                                          PID:5140
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                            7⤵
                                                                                                              PID:5728
                                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                                          svchost.exe
                                                                                                          5⤵
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          PID:5708
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                            6⤵
                                                                                                              PID:5132
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                                7⤵
                                                                                                                  PID:3732
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                6⤵
                                                                                                                  PID:5300
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                                    7⤵
                                                                                                                      PID:5764
                                                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                                                  svchost.exe
                                                                                                                  5⤵
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:1844
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                    6⤵
                                                                                                                      PID:4648
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                                        7⤵
                                                                                                                          PID:2484
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                        6⤵
                                                                                                                          PID:3984
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffabcc46f8,0x7fffabcc4708,0x7fffabcc4718
                                                                                                                            7⤵
                                                                                                                              PID:4260
                                                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                                                          svchost.exe
                                                                                                                          5⤵
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:4756
                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                  1⤵
                                                                                                                    PID:904
                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:2644

                                                                                                                    Network

                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                    Replay Monitor

                                                                                                                    Loading Replay Monitor...

                                                                                                                    Downloads

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      968cb9309758126772781b83adb8a28f

                                                                                                                      SHA1

                                                                                                                      8da30e71accf186b2ba11da1797cf67f8f78b47c

                                                                                                                      SHA256

                                                                                                                      92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                                                                                                                      SHA512

                                                                                                                      4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                      Filesize

                                                                                                                      152B

                                                                                                                      MD5

                                                                                                                      f426165d1e5f7df1b7a3758c306cd4ae

                                                                                                                      SHA1

                                                                                                                      59ef728fbbb5c4197600f61daec48556fec651c1

                                                                                                                      SHA256

                                                                                                                      b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                                                                                                                      SHA512

                                                                                                                      8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                      Filesize

                                                                                                                      152B

                                                                                                                      MD5

                                                                                                                      6960857d16aadfa79d36df8ebbf0e423

                                                                                                                      SHA1

                                                                                                                      e1db43bd478274366621a8c6497e270d46c6ed4f

                                                                                                                      SHA256

                                                                                                                      f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                                                                                                                      SHA512

                                                                                                                      6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                                                                                                      Filesize

                                                                                                                      68KB

                                                                                                                      MD5

                                                                                                                      0cccccd82d68d5ff076e1bd047436ec8

                                                                                                                      SHA1

                                                                                                                      0b9d6ebef9ac1c03f8138e9fc9203f9cd69d2a73

                                                                                                                      SHA256

                                                                                                                      0e9d24e58133fdae2fe766ece9358afdc57da1568485bf36182851b6c1291246

                                                                                                                      SHA512

                                                                                                                      84c357d75e1b7c25249ef826bf5ea9ef4445f2d4f985ae7128363421ac28f1cf438256cb40cdfd2fcf9ad439900dfc7796f9ab850e0445dbbfab5c23f29575eb

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                                                                      Filesize

                                                                                                                      487KB

                                                                                                                      MD5

                                                                                                                      831a0aa25af2c60a7380ea75c321d930

                                                                                                                      SHA1

                                                                                                                      140ec306c24ab6f348c4dde5900b219d817e2026

                                                                                                                      SHA256

                                                                                                                      8cdde5daa52335c0a4e416f6fc22aa80744207a38fc276bd65341c2d2e903557

                                                                                                                      SHA512

                                                                                                                      0147937b2b2cf9bbf7e8dbee2d598e156c6ce4ddff224b3dc48caed96e89038ecdff1ace743b82fdf6155c40b674f4b1983693dbe45c39898487d3b7be258161

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                      Filesize

                                                                                                                      89KB

                                                                                                                      MD5

                                                                                                                      6c66566329b8f1f2a69392a74e726d4c

                                                                                                                      SHA1

                                                                                                                      7609ceb7d28c601a8d7279c8b5921742a64d28ce

                                                                                                                      SHA256

                                                                                                                      f512f4fb0d4855fc4aa78e26516e9ec1cfabc423a353cd01bc68ee6098dc56d6

                                                                                                                      SHA512

                                                                                                                      aca511bfaf9b464aff7b14998f06a7e997e22fcbe7728401a1e4bd7e4eceb8c938bbd820a16d471d0b5a0589d8807b426b97292fc2a28578a62e4681185556c3

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                      Filesize

                                                                                                                      79KB

                                                                                                                      MD5

                                                                                                                      e51f388b62281af5b4a9193cce419941

                                                                                                                      SHA1

                                                                                                                      364f3d737462b7fd063107fe2c580fdb9781a45a

                                                                                                                      SHA256

                                                                                                                      348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

                                                                                                                      SHA512

                                                                                                                      1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                      Filesize

                                                                                                                      34KB

                                                                                                                      MD5

                                                                                                                      522037f008e03c9448ae0aaaf09e93cb

                                                                                                                      SHA1

                                                                                                                      8a32997eab79246beed5a37db0c92fbfb006bef2

                                                                                                                      SHA256

                                                                                                                      983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7

                                                                                                                      SHA512

                                                                                                                      643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                      Filesize

                                                                                                                      17KB

                                                                                                                      MD5

                                                                                                                      240c4cc15d9fd65405bb642ab81be615

                                                                                                                      SHA1

                                                                                                                      5a66783fe5dd932082f40811ae0769526874bfd3

                                                                                                                      SHA256

                                                                                                                      030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07

                                                                                                                      SHA512

                                                                                                                      267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                      Filesize

                                                                                                                      19KB

                                                                                                                      MD5

                                                                                                                      4d0bfea9ebda0657cee433600ed087b6

                                                                                                                      SHA1

                                                                                                                      f13c690b170d5ba6be45dedc576776ca79718d98

                                                                                                                      SHA256

                                                                                                                      67e7d8e61b9984289b6f3f476bbeb6ceb955bec823243263cf1ee57d7db7ae9a

                                                                                                                      SHA512

                                                                                                                      9136adec32f1d29a72a486b4604309aa8f9611663fa1e8d49079b67260b2b09cefdc3852cf5c08ca9f5d8ea718a16dbd8d8120ac3164b0d1519d8ef8a19e4ea5

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                                      Filesize

                                                                                                                      259KB

                                                                                                                      MD5

                                                                                                                      34504ed4414852e907ecc19528c2a9f0

                                                                                                                      SHA1

                                                                                                                      0694ca8841b146adcaf21c84dedc1b14e0a70646

                                                                                                                      SHA256

                                                                                                                      c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810

                                                                                                                      SHA512

                                                                                                                      173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                                      Filesize

                                                                                                                      62KB

                                                                                                                      MD5

                                                                                                                      8ccb0248b7f2abeead74c057232df42a

                                                                                                                      SHA1

                                                                                                                      c02bd92fea2df7ed12c8013b161670b39e1ec52f

                                                                                                                      SHA256

                                                                                                                      0a9fd0c7f32eabbb2834854c655b958ec72a321f3c1cf50035dd87816591cdcc

                                                                                                                      SHA512

                                                                                                                      6d6e3c858886c9d6186ad13b94dbc2d67918aa477fb7d70a7140223fab435cf109537c51ca7f4b2a0db00eead806bbe8c6b29b947b0be7044358d2823f5057ce

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\147b64cb57aed4e3_0
                                                                                                                      Filesize

                                                                                                                      1.3MB

                                                                                                                      MD5

                                                                                                                      ed5b2d7fa0355e5762e588fc4ecf5f4c

                                                                                                                      SHA1

                                                                                                                      5d0058f06e6405391ef22da052567ef4d07f8192

                                                                                                                      SHA256

                                                                                                                      6a0226f3a668bc558e3fc014cbe6cd33fca547393fcdfb3d462214e3967c3218

                                                                                                                      SHA512

                                                                                                                      ec036155072765fb6c56ea6a6c65bb4b21a80da1e762b6df24e38e786e2fe4ff7d652fe1a0bdca9b14e84f65892004a558e71b0ac3b65c8e85877410b998db14

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26f1a435530e3442_0
                                                                                                                      Filesize

                                                                                                                      1KB

                                                                                                                      MD5

                                                                                                                      97eee3b5a83e42616581ab1164f442d9

                                                                                                                      SHA1

                                                                                                                      468e0aa28f42f3ccaeccd46b89f91f15190b6e84

                                                                                                                      SHA256

                                                                                                                      b12acc2a7e08352c4c6d1b43e2c82bd2631fb78ae913a019b746cbbcbe856164

                                                                                                                      SHA512

                                                                                                                      a45901b8b4c1f7ed865b36bb189a4cfeb4a05106751a4d413245ae8b75d36538eb810ed9546f5b6835174383aad69b79f6f3274ae1755133f20068d628589fa1

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ab592dde6ff023e_0
                                                                                                                      Filesize

                                                                                                                      272B

                                                                                                                      MD5

                                                                                                                      e8aaad248c0ec9366016db775d0051e1

                                                                                                                      SHA1

                                                                                                                      8713ee3e241e8361da2b9113026fe33ced5393ee

                                                                                                                      SHA256

                                                                                                                      e022f827f0a7c00c316e7abd6a019d0d65918b285938c53a56fe4165a9592982

                                                                                                                      SHA512

                                                                                                                      9e597658a4ce28e644375d30e12181aa9f4ff7782792c5789954ebbad0be6a345ba98745175d73e71d7cd2e5500cc5c35c45bc0e336f32207045787d816e9ee2

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41bf90541643f077_0
                                                                                                                      Filesize

                                                                                                                      188KB

                                                                                                                      MD5

                                                                                                                      77b4939a18034f8b68da55098c2ef844

                                                                                                                      SHA1

                                                                                                                      6b1d4acfe99847cf34f20a106fb9a21870098435

                                                                                                                      SHA256

                                                                                                                      240f8221b76830d50a977a16910fd093b1c636e1dd043ab4fa8d71b1f6c81ffb

                                                                                                                      SHA512

                                                                                                                      b30b4415d5ee33073e6e8b97ad7d5e9bb243bf86d3614e697c999d3f07125a4aef8f583de9228f49e8504c3afb3f3579683872fd58aea63408a4d3b6eee801dc

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42a3c9e29ac609aa_0
                                                                                                                      Filesize

                                                                                                                      1.2MB

                                                                                                                      MD5

                                                                                                                      0ac9e20c8a12c0ac95d6b07c5ad1a466

                                                                                                                      SHA1

                                                                                                                      763e2e68df2b9140ec3eb3e8ad65ca1568694aa9

                                                                                                                      SHA256

                                                                                                                      76dabeba1e4f8640e1311348a9d36242f30512b2fddf08ca72600599c8fe9ff3

                                                                                                                      SHA512

                                                                                                                      4717244bc63e3c10aa9d819c0abab0bf214889dea3667ff17b63835f0878986979985efd44ab3e55934c054564272c0ee74d45da102812e1ab0094dff14d1ee0

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c896e8aae559d2_0
                                                                                                                      Filesize

                                                                                                                      291B

                                                                                                                      MD5

                                                                                                                      b53c1ebd7b196a9f99b7ab1859e28138

                                                                                                                      SHA1

                                                                                                                      4ee56e80b1cb5d8d90bf14b3ed79b063351b546d

                                                                                                                      SHA256

                                                                                                                      effeac6f1c27de3c451271c55f92d071a5080c753c91b91e7295b5c5bbb9ad2a

                                                                                                                      SHA512

                                                                                                                      63cbe7c05d9d9f5bb4ad1bbbb23cbc44b58dd1e4ea94e866303921334d2b4905e5d61872fa936eb43c01cb8cdf417cefbd4276ad2c43e5a3689d5734e6867a3d

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cda6bd935008e67_0
                                                                                                                      Filesize

                                                                                                                      295KB

                                                                                                                      MD5

                                                                                                                      5b837e0fda04d42a631d38dab653b880

                                                                                                                      SHA1

                                                                                                                      d670b6205211673a0ecfffd102761ddca943c679

                                                                                                                      SHA256

                                                                                                                      1fa6e20c99883185150cf2b2b441b04a86e45291825aff8da51aebeec5c9a799

                                                                                                                      SHA512

                                                                                                                      cdfa899f78972d6ceb8a0e50c4783744b0ac44e2a1368bfb300c2e3371e7aac1a331f927483bb4d863954a033ad0bf2af11232478c200bd44020fc141d8debc8

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e91da4b52bb26ef3_0
                                                                                                                      Filesize

                                                                                                                      297B

                                                                                                                      MD5

                                                                                                                      bc84365c8a4394d12193f913edc102e7

                                                                                                                      SHA1

                                                                                                                      a94ea3cfa12f908fbc27a3bcf63ebf634fe566bd

                                                                                                                      SHA256

                                                                                                                      05c12e344a4f36fc16fcd2c5cedc1257b9504c1df009287514725337660f42d4

                                                                                                                      SHA512

                                                                                                                      dc7f33c077f26505c6875a37927bdb3f7d14612d0156432c1a181cc27b6faedb6d6e06bbbc132b5b7ae49934fc8dce85c7e1309d666aa1c7044259b1f8763fcd

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f29ed5b5251e1eaf_0
                                                                                                                      Filesize

                                                                                                                      269B

                                                                                                                      MD5

                                                                                                                      4279dfde54b6f16180b154b9e813ce09

                                                                                                                      SHA1

                                                                                                                      26f201a4d44613bc38082d001770868898db1eb1

                                                                                                                      SHA256

                                                                                                                      b3bf4cf1bd937a3a4060b9708274c2997080ce16af8345438f20d3565c6813e9

                                                                                                                      SHA512

                                                                                                                      14e97dfc0003c86fb2fb68fa32f653cae678ae48bbf53196fbaafac39295783acdabbc423f419fa4d44cf7c88564785174e331fab4e2c35a93c31d2f6cda8a43

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                      Filesize

                                                                                                                      437B

                                                                                                                      MD5

                                                                                                                      6f0956b7320621e2add229397b16cc4e

                                                                                                                      SHA1

                                                                                                                      87428f0d0ee271f3e9edbb647569ffd17e6539c0

                                                                                                                      SHA256

                                                                                                                      a0c000dd88d7120fb62fe5008e6b6dee6a948e93cbe6fad152ab227bbb04f71a

                                                                                                                      SHA512

                                                                                                                      d00a4b80c6ccc972a6c4d35e1a4739f49e4292b33ea83924a7a3f8a0a599fcf6714da0431bdf7f1f4a351febb000d91f63e010ad0d8070163822f262bb5bda99

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      7KB

                                                                                                                      MD5

                                                                                                                      c1ce16906a104167902398073d659b02

                                                                                                                      SHA1

                                                                                                                      99c16223ada8d6bc70b576828dddd935b8d772ad

                                                                                                                      SHA256

                                                                                                                      b021db111b42c5b3c1bf2fe10ef9637b32433fbde33e2c2ce98c259a7e1556e1

                                                                                                                      SHA512

                                                                                                                      6808ac4ec8fa614f31ff37078d454021ba28e48b096730590610fcd1149d266156437f601a0798ab2cbda5fc48f638a13c81a7abdf87438933044640ea4676b8

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      7KB

                                                                                                                      MD5

                                                                                                                      d8cfdc185d4fa23ef0e106baa00516cf

                                                                                                                      SHA1

                                                                                                                      49cab65632c2cc1c5aefbdca956e71baea42f622

                                                                                                                      SHA256

                                                                                                                      264ddd9139442714a4f690e146c8baf9a832ceb659f2b28c7a234a0a0bb58975

                                                                                                                      SHA512

                                                                                                                      737e7975b45271eb12d13ca3514841624f800f29b2eed6b360ad4b4a9696f8f472791fb2a8c8ebc71698513124093a7d59c6ae286709413c382b293bf5be0b69

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      633c06ec4d5ddcfbb40f7ca9597dcd6a

                                                                                                                      SHA1

                                                                                                                      1fb6808d1d5f767d57c85b39d0f6dc78495f0011

                                                                                                                      SHA256

                                                                                                                      9b175ff4b53d949af461bf886935b776fa46faa07ec0b267b3086e60299dda46

                                                                                                                      SHA512

                                                                                                                      3436404359e1cf681844855ea5dff1aa0e797495f7e5d3101d40990c26098e3134c28598142258514857b6d6a4e1e6af6b6a913dca01a96557f2b1109a1517d0

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      7KB

                                                                                                                      MD5

                                                                                                                      5291a75dcb677e42b096733d3f46d70e

                                                                                                                      SHA1

                                                                                                                      86883d44963b014730bc3e345a98a3e3edf22015

                                                                                                                      SHA256

                                                                                                                      7c4fa85fa0b2860262e68aef2933bde178e6587f3f8707363645ec3b0700fe16

                                                                                                                      SHA512

                                                                                                                      ff02a30f76b75af269e4df58c84e1bba1c3ae632488e3aac5be9f9695a21a998129542cae8d37e98fc7b8526d1f1c5c4e025d9d171223f7d4338584bb82b89f6

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      363226d3e980b337750bef1d00f2f2eb

                                                                                                                      SHA1

                                                                                                                      be9f1b5ceab56602338680f5f452aa89b7c8435e

                                                                                                                      SHA256

                                                                                                                      54d27e5ea34a0103ff96c1a4a59916c6a020ad0e523842480ff662c239a61b9f

                                                                                                                      SHA512

                                                                                                                      18a8ca92ef2a1ae6d56a287c25607c6391fc75b8119c2b0de71637bc42b967ade59e30305aa60fa0741080ba36ffd3b50b3114ff0221ac00cd3103951a88e40d

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      5KB

                                                                                                                      MD5

                                                                                                                      e82ca4e5c950049f6105d6fbc022c010

                                                                                                                      SHA1

                                                                                                                      8763660384ba7260b66259320b0da58921341ef0

                                                                                                                      SHA256

                                                                                                                      c753d124a7a5a193989b311edc1983e43f9c55692732ed35f38e8919d3b07ce8

                                                                                                                      SHA512

                                                                                                                      250e3b7465e2924596a190a0ae5e8c1227a21e0d6ba51a6fe1d190f438f4166cd3232e8c4835baef269273363a8845d56641c9ae9203cae661951ae24816f9a8

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      49c88e7c4c95e2cc83a724d448e7d9c0

                                                                                                                      SHA1

                                                                                                                      6e2e69cfc3180e4b3f7bfcca6e0bfed22603238d

                                                                                                                      SHA256

                                                                                                                      96d6680da70c37c3392e33a8cd7b70aa65b4d3a58e682376a8e0c7ed36a2e757

                                                                                                                      SHA512

                                                                                                                      353a8b94f0736888a728c73cb832ef569054bdd20c612e6ffd025372f742560a6daedfb4005af332a99bd78725a926820a5bfd5e4ad93db224f720d8e4256839

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                      Filesize

                                                                                                                      6KB

                                                                                                                      MD5

                                                                                                                      d56e00002ae9ae0fba22bb5c9bf6e472

                                                                                                                      SHA1

                                                                                                                      defbaef7b0566da2603ee7fd2cf28ed5c309b279

                                                                                                                      SHA256

                                                                                                                      90de522ee0224e0fa5f6e063649214e6c4a75086f2a37a913066330ed50c62ca

                                                                                                                      SHA512

                                                                                                                      a1a3a961b5af1abc8c442efea44f6a65b560b388638037d069bcdb4293edb5a1889989ffb5efb4b0a24f198fcfe6c982dfe5c83b36bbe4580e3f084672a06c77

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                      Filesize

                                                                                                                      371B

                                                                                                                      MD5

                                                                                                                      61d0459bb2bdd0ae9f14c561ef060c67

                                                                                                                      SHA1

                                                                                                                      7c795fef81fd22da7eb6614ae227e32ca1969dc2

                                                                                                                      SHA256

                                                                                                                      821c2e253fad56dd9fff59707011a6ec366d780b91643bfb0b5b9fbf826f1c86

                                                                                                                      SHA512

                                                                                                                      1707f6ecb340d2ea32ab570117b27c77ec4485b31b1bcdf1fb2a608d7b6e14b2e7d2aab4a516171cab6db6ebe553eab0a51cfd32b876c1da1cb8395df2ff2d03

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                      Filesize

                                                                                                                      371B

                                                                                                                      MD5

                                                                                                                      134da9d0b8abf80e3a3379fe19905141

                                                                                                                      SHA1

                                                                                                                      f4fa06c55f705ca6b52798451fecacd1476304a3

                                                                                                                      SHA256

                                                                                                                      11d8978f7aaada3ca545b025df45e348acb53b1305cbc0bd39fa8bf2371ed678

                                                                                                                      SHA512

                                                                                                                      ec475fedd58afa23a27888fc0fff54ffe8eed6afaf74cc5f2d9c68c187f1afc61d7f82c344af3f39c5ea8672980edfa117a2f2d56e4e9713d6f3b66657c011b6

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                      Filesize

                                                                                                                      367B

                                                                                                                      MD5

                                                                                                                      9f508eda11aeb92e03a7afb5395b616c

                                                                                                                      SHA1

                                                                                                                      f6cf377c0916d0c92a714f01de35e118f4108d08

                                                                                                                      SHA256

                                                                                                                      6778fe7a88660a12879be9f14deacbfd3915342ba9760ef5add71a017ec1f853

                                                                                                                      SHA512

                                                                                                                      aa38b82034b86c739874f418bc22aa48855b68500e49fba3dac1fdd3681426fecc50c050e56c55217aadd7f335cc4e569f7ff61d75c45286ac38b46e2136351e

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                      Filesize

                                                                                                                      371B

                                                                                                                      MD5

                                                                                                                      2a1ee7e67622bb7fd934af32bbf1388e

                                                                                                                      SHA1

                                                                                                                      9c7f946602c32282fc5196d6741b3d09a127f620

                                                                                                                      SHA256

                                                                                                                      28c48acc7b0234637f870fc8a0e58612f658c8a7c994717e7c780df43582fd3f

                                                                                                                      SHA512

                                                                                                                      7c43d25b71c4460fbaa54147559d2155384829d0af0c2e4e0b4db7889c6aa1252ffc717cc5d52650a2d86b244bc073df7a831dbbbf92c91aac5cae9a9f78de9f

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                      Filesize

                                                                                                                      371B

                                                                                                                      MD5

                                                                                                                      917824b53b8272611a1894928ba6bb3f

                                                                                                                      SHA1

                                                                                                                      e2566b2450c128b39564f5f7dcca4796fdbbcb6f

                                                                                                                      SHA256

                                                                                                                      c6190aaea99fdefa8b9084679074b4266756f7b5b0081f09b2dfbdad651cc254

                                                                                                                      SHA512

                                                                                                                      e215217a3c1327e6120e24b3ee262964f7ad019cca7ec68cc4e7d5a0195c2a30f2ab06b371c146cd3cee71cfa698bfd8b753e9db4f2094ae0d3573f4e8d7cd0b

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                      Filesize

                                                                                                                      371B

                                                                                                                      MD5

                                                                                                                      c0814eea5dd8e93cbd97ebea0909998c

                                                                                                                      SHA1

                                                                                                                      b5463ce5fb9943f7c52eadfa839d85fa47a96449

                                                                                                                      SHA256

                                                                                                                      b043fc44c547f4c3cae7641ae6d58d13a841088ac0e99632498309d63668c7a3

                                                                                                                      SHA512

                                                                                                                      95b88ceef36dcaef453936bac3e38f3af3d68b1a72bdbb7f9736dba96992a0a7060d0a9c055915b754450423c6ad7ab1a2075ebca898e3872c156aa876a0348a

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ab00.TMP
                                                                                                                      Filesize

                                                                                                                      371B

                                                                                                                      MD5

                                                                                                                      ab9aae28df8b1463721be2fdf40c07b9

                                                                                                                      SHA1

                                                                                                                      96fd2e340dcfc0fa9bf888d230c16ed6c3925132

                                                                                                                      SHA256

                                                                                                                      88b678542c752276cdbef8bd5c479d345160a82ad6ba5ffa40efe2aa78fa54c6

                                                                                                                      SHA512

                                                                                                                      a4785f561c8508681a0813b6b39bb018317886988fb5d1045c77d5a6336042d73463abfcf508d1be4c1888d2dc5bc6da46b6681677576d507af4e386c760f04c

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                      Filesize

                                                                                                                      16B

                                                                                                                      MD5

                                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                                      SHA1

                                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                      SHA256

                                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                      SHA512

                                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                      Filesize

                                                                                                                      16B

                                                                                                                      MD5

                                                                                                                      206702161f94c5cd39fadd03f4014d98

                                                                                                                      SHA1

                                                                                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                      SHA256

                                                                                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                      SHA512

                                                                                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                      Filesize

                                                                                                                      10KB

                                                                                                                      MD5

                                                                                                                      fce3025643040b1862862c405ad48226

                                                                                                                      SHA1

                                                                                                                      54ed678ad787f91504e2241d1dfd300f2c09b188

                                                                                                                      SHA256

                                                                                                                      8b16f0b00c5de0fcb0c1acc4892fa8fa639328b95208fcd322fb3e3097a36abf

                                                                                                                      SHA512

                                                                                                                      1a5775714d8a3f06098312b3541931d81265b9227061b4be301062cdcd15e8189cd436a514d3c37e66cc47215dbe08d1a1b07cc79876f9d212f112fdff3573e7

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                      Filesize

                                                                                                                      18KB

                                                                                                                      MD5

                                                                                                                      967649a7871b66b4d60db459ff7485c2

                                                                                                                      SHA1

                                                                                                                      1dd528a610f0710609a5956252af601736f2d533

                                                                                                                      SHA256

                                                                                                                      f3647eb61c36f11f8ccc2a6ecf762bed69424ff7b073ff665167e152514f1e75

                                                                                                                      SHA512

                                                                                                                      e312c8d234a9a898ba806e1bd4eedf09802d7ae72ae076b4e05f9bccfc765f20b4d702cb4acac8c2671c6b65ce102f2a4b6abe9fa8281a83182c0b9e0592c1b5

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bqhlvw5p.nbr.ps1
                                                                                                                      Filesize

                                                                                                                      60B

                                                                                                                      MD5

                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                      SHA1

                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                      SHA256

                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                      SHA512

                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
                                                                                                                      Filesize

                                                                                                                      84KB

                                                                                                                      MD5

                                                                                                                      0d82358dca43d431aba265eb691a3dde

                                                                                                                      SHA1

                                                                                                                      786057ea9d681b9584beba87f51656f83a3eb7c1

                                                                                                                      SHA256

                                                                                                                      655f4f2ee982e5b3f95e9691003fc1ad70f68e1473dd2dab5e5fd6cba6e77e0f

                                                                                                                      SHA512

                                                                                                                      8006dfccdd96e0ee2df7fb83c1e9a94299c5ebdc761593ecd00be3f705a1feb22870768bb33708c718bb1a88a92828422ef0970b44b3123dc2dfbc7edc088694

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
                                                                                                                      Filesize

                                                                                                                      960KB

                                                                                                                      MD5

                                                                                                                      7caf240db905f259197cf71b03acf888

                                                                                                                      SHA1

                                                                                                                      d8d9726a0a67795a01fed368055d9315feada3fd

                                                                                                                      SHA256

                                                                                                                      c8017f526793dd8b6b6e98bfa9847fcf3aa7c4096a8432719a8324e06ba8c088

                                                                                                                      SHA512

                                                                                                                      1f9464e14d33bfab44dfc85486bea31126a26929e04eae1159e6ecc886aa79877ca29aa93e614512625000d153e090c06b3b2081f9cbc1e8997ad26e59097255

                                                                                                                      Download Submit

                                                                                                                    • memory/1264-134-0x00000000008C0000-0x00000000009B6000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      984KB

                                                                                                                      Download

                                                                                                                    • memory/1548-212-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-216-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-210-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-202-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-213-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-214-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-215-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-204-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-203-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1548-211-0x0000000002660000-0x0000000002661000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2684-97-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/2684-11-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/2684-12-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/2684-14-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/2684-17-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/3820-501-0x0000000000800000-0x00000000008F6000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      984KB

                                                                                                                      Download

                                                                                                                    • memory/4512-180-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-603-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-170-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-167-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-179-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-464-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-186-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-166-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-165-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-465-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-401-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-499-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-151-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-561-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-145-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-340-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-136-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-135-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-126-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-125-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-132-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-253-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-254-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-255-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-130-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-463-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-274-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-273-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-282-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-283-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-604-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4512-169-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      508KB

                                                                                                                      Download

                                                                                                                    • memory/4576-1-0x0000000000A10000-0x0000000000B06000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      984KB

                                                                                                                      Download

                                                                                                                    • memory/4576-8-0x000000007515E000-0x000000007515F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4576-4-0x00000000056A0000-0x00000000056AA000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      40KB

                                                                                                                      Download

                                                                                                                    • memory/4576-6-0x0000000005780000-0x000000000581C000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      624KB

                                                                                                                      Download

                                                                                                                    • memory/4576-7-0x0000000007EA0000-0x0000000007EB8000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      96KB

                                                                                                                      Download

                                                                                                                    • memory/4576-3-0x0000000005510000-0x00000000055A2000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      584KB

                                                                                                                      Download

                                                                                                                    • memory/4576-2-0x0000000005A20000-0x0000000005FC4000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      5.6MB

                                                                                                                      Download

                                                                                                                    • memory/4576-0-0x000000007515E000-0x000000007515F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4576-20-0x0000000075150000-0x0000000075900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      7.7MB

                                                                                                                      Download

                                                                                                                    • memory/4576-5-0x0000000075150000-0x0000000075900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      7.7MB

                                                                                                                      Download

                                                                                                                    • memory/4576-9-0x0000000075150000-0x0000000075900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      7.7MB

                                                                                                                      Download

                                                                                                                    • memory/4576-10-0x00000000080A0000-0x0000000008162000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      776KB

                                                                                                                      Download

                                                                                                                    • memory/4724-149-0x00000000067C0000-0x000000000680C000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      304KB

                                                                                                                      Download

                                                                                                                    • memory/4724-152-0x00000000722B0000-0x00000000722FC000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      304KB

                                                                                                                      Download

                                                                                                                    • memory/4724-162-0x0000000007890000-0x0000000007933000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      652KB

                                                                                                                      Download

                                                                                                                    • memory/4724-163-0x0000000007C50000-0x0000000007C64000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      80KB

                                                                                                                      Download

                                                                                                                    • memory/4724-142-0x00000000060B0000-0x0000000006404000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      3.3MB

                                                                                                                      Download

                                                                                                                    • memory/5076-114-0x0000000007D50000-0x0000000007DE6000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      600KB

                                                                                                                      Download

                                                                                                                    • memory/5076-99-0x0000000072590000-0x00000000725DC000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      304KB

                                                                                                                      Download

                                                                                                                    • memory/5076-94-0x00000000067C0000-0x00000000067DE000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      120KB

                                                                                                                      Download

                                                                                                                    • memory/5076-96-0x0000000006840000-0x000000000688C000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      304KB

                                                                                                                      Download

                                                                                                                    • memory/5076-75-0x0000000006130000-0x0000000006196000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      408KB

                                                                                                                      Download

                                                                                                                    • memory/5076-73-0x00000000060C0000-0x0000000006126000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      408KB

                                                                                                                      Download

                                                                                                                    • memory/5076-72-0x0000000005F20000-0x0000000005F42000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      136KB

                                                                                                                      Download

                                                                                                                    • memory/5076-23-0x0000000075150000-0x0000000075900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      7.7MB

                                                                                                                      Download

                                                                                                                    • memory/5076-22-0x00000000058F0000-0x0000000005F18000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      6.2MB

                                                                                                                      Download

                                                                                                                    • memory/5076-21-0x0000000075150000-0x0000000075900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      7.7MB

                                                                                                                      Download

                                                                                                                    • memory/5076-98-0x00000000077B0000-0x00000000077E2000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      200KB

                                                                                                                      Download

                                                                                                                    • memory/5076-18-0x0000000002E90000-0x0000000002EC6000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      216KB

                                                                                                                      Download

                                                                                                                    • memory/5076-19-0x000000007515E000-0x000000007515F000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/5076-84-0x00000000062A0000-0x00000000065F4000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      3.3MB

                                                                                                                      Download

                                                                                                                    • memory/5076-109-0x0000000006D80000-0x0000000006D9E000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      120KB

                                                                                                                      Download

                                                                                                                    • memory/5076-110-0x00000000077F0000-0x0000000007893000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      652KB

                                                                                                                      Download

                                                                                                                    • memory/5076-111-0x0000000008120000-0x000000000879A000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      6.5MB

                                                                                                                      Download

                                                                                                                    • memory/5076-112-0x0000000007AD0000-0x0000000007AEA000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      104KB

                                                                                                                      Download

                                                                                                                    • memory/5076-113-0x0000000007B40000-0x0000000007B4A000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      40KB

                                                                                                                      Download

                                                                                                                    • memory/5076-115-0x0000000007CD0000-0x0000000007CE1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      68KB

                                                                                                                      Download

                                                                                                                    • memory/5076-116-0x0000000007D00000-0x0000000007D0E000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      56KB

                                                                                                                      Download

                                                                                                                    • memory/5076-117-0x0000000007D10000-0x0000000007D24000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      80KB

                                                                                                                      Download

                                                                                                                    • memory/5076-122-0x0000000075150000-0x0000000075900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      7.7MB

                                                                                                                      Download

                                                                                                                    • memory/5076-118-0x0000000007E10000-0x0000000007E2A000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      104KB

                                                                                                                      Download

                                                                                                                    • memory/5076-119-0x0000000007DF0000-0x0000000007DF8000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      32KB

                                                                                                                      Download

                                                                                                                    • memory/5340-300-0x0000000000C40000-0x0000000000D36000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      984KB

                                                                                                                      Download