Overview

overview

10

Static

static

3

4A9440BAA6...AD.exe

windows7-x64

10

4A9440BAA6...AD.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2025 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4A9440BAA61BE8363A372B0BBC5933AD.exe

  • Size

    962KB

  • MD5

    4a9440baa61be8363a372b0bbc5933ad

  • SHA1

    9aa5380dc87829c6fa22e9029cadcab9f6221ef9

  • SHA256

    51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c

  • SHA512

    648bd4434ce14e15c3faba25945525fffec6dad028e8fe26982d70096ccd448ca6e114e10739b1e990ea65970db97897713b8054450f1cd98c9aacb596436b0c

  • SSDEEP

    24576:fdFeteG2H+FLBvmhCWWmLiUZklZGIo/KCrB:FA9w+bvmhCWWpUZkbDo5rB

Score
10/10
remcosgraiasdiscoveryexecutionpersistencerat

Malware Config

Extracted

Family

remcos

Botnet

Graias

C2

185.234.72.215:4444

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    graias.exe

  • copy_folder

    Graias

  • delete_file

    false

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    graias

  • mouse_option

    false

  • mutex

    Rmc-O844B9

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 9 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4A9440BAA61BE8363A372B0BBC5933AD.exe
    "C:\Users\Admin\AppData\Local\Temp\4A9440BAA61BE8363A372B0BBC5933AD.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\4A9440BAA61BE8363A372B0BBC5933AD.exe"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4700
    • C:\Users\Admin\AppData\Local\Temp\4A9440BAA61BE8363A372B0BBC5933AD.exe
      "C:\Users\Admin\AppData\Local\Temp\4A9440BAA61BE8363A372B0BBC5933AD.exe"
      2⤵
      • Checks computer location settings
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
        "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4624
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2288
        • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
          "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4356
          • C:\Windows\SysWOW64\svchost.exe
            svchost.exe
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4244
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
              6⤵
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:636
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                7⤵
                  PID:1492
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
                  7⤵
                    PID:1832
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
                    7⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2220
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
                    7⤵
                      PID:224
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                      7⤵
                        PID:1644
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
                        7⤵
                          PID:3964
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
                          7⤵
                            PID:2144
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                            7⤵
                              PID:432
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                              7⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2200
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                              7⤵
                                PID:3696
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                                7⤵
                                  PID:2164
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                                  7⤵
                                    PID:1604
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
                                    7⤵
                                      PID:1968
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
                                      7⤵
                                        PID:1116
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                                        7⤵
                                          PID:2044
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
                                          7⤵
                                            PID:1692
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
                                            7⤵
                                              PID:1428
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
                                              7⤵
                                                PID:5312
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                                                7⤵
                                                  PID:5412
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                                                  7⤵
                                                    PID:5900
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                                                    7⤵
                                                      PID:5980
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
                                                      7⤵
                                                        PID:4112
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                                        7⤵
                                                          PID:5292
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
                                                          7⤵
                                                            PID:2580
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
                                                            7⤵
                                                              PID:5884
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
                                                              7⤵
                                                                PID:4588
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
                                                                7⤵
                                                                  PID:5164
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                                                                  7⤵
                                                                    PID:4984
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
                                                                    7⤵
                                                                      PID:5988
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
                                                                      7⤵
                                                                        PID:5484
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                                                                        7⤵
                                                                          PID:6056
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
                                                                          7⤵
                                                                            PID:2464
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
                                                                            7⤵
                                                                              PID:544
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                                                                              7⤵
                                                                                PID:2932
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16165764504752744226,11872224738825288966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
                                                                                7⤵
                                                                                  PID:2316
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                6⤵
                                                                                  PID:4128
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                    7⤵
                                                                                      PID:2144
                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                  svchost.exe
                                                                                  5⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:2784
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                    6⤵
                                                                                      PID:3620
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                        7⤵
                                                                                          PID:2696
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                        6⤵
                                                                                          PID:5224
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                            7⤵
                                                                                              PID:5240
                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                          svchost.exe
                                                                                          5⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:5252
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                            6⤵
                                                                                              PID:5824
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                7⤵
                                                                                                  PID:5836
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                6⤵
                                                                                                  PID:3492
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                    7⤵
                                                                                                      PID:2044
                                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                                  svchost.exe
                                                                                                  5⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:5144
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                    6⤵
                                                                                                      PID:4928
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                        7⤵
                                                                                                          PID:5108
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                        6⤵
                                                                                                          PID:2372
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                            7⤵
                                                                                                              PID:2140
                                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                                          svchost.exe
                                                                                                          5⤵
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          PID:2772
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                            6⤵
                                                                                                              PID:1264
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                                7⤵
                                                                                                                  PID:2276
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                6⤵
                                                                                                                  PID:828
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                                    7⤵
                                                                                                                      PID:1556
                                                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                                                  svchost.exe
                                                                                                                  5⤵
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:1800
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                    6⤵
                                                                                                                      PID:2432
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                                        7⤵
                                                                                                                          PID:4632
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                        6⤵
                                                                                                                          PID:1340
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff47b946f8,0x7fff47b94708,0x7fff47b94718
                                                                                                                            7⤵
                                                                                                                              PID:4284
                                                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                                                          svchost.exe
                                                                                                                          5⤵
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:5288
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 1224
                                                                                                                        4⤵
                                                                                                                        • Program crash
                                                                                                                        PID:1052
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 1644
                                                                                                                    2⤵
                                                                                                                    • Program crash
                                                                                                                    PID:3236
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1948 -ip 1948
                                                                                                                  1⤵
                                                                                                                    PID:2360
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4624 -ip 4624
                                                                                                                    1⤵
                                                                                                                      PID:3656
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:2752
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:1268

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          968cb9309758126772781b83adb8a28f

                                                                                                                          SHA1

                                                                                                                          8da30e71accf186b2ba11da1797cf67f8f78b47c

                                                                                                                          SHA256

                                                                                                                          92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                                                                                                                          SHA512

                                                                                                                          4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          f426165d1e5f7df1b7a3758c306cd4ae

                                                                                                                          SHA1

                                                                                                                          59ef728fbbb5c4197600f61daec48556fec651c1

                                                                                                                          SHA256

                                                                                                                          b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                                                                                                                          SHA512

                                                                                                                          8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          6960857d16aadfa79d36df8ebbf0e423

                                                                                                                          SHA1

                                                                                                                          e1db43bd478274366621a8c6497e270d46c6ed4f

                                                                                                                          SHA256

                                                                                                                          f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                                                                                                                          SHA512

                                                                                                                          6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          MD5

                                                                                                                          0cccccd82d68d5ff076e1bd047436ec8

                                                                                                                          SHA1

                                                                                                                          0b9d6ebef9ac1c03f8138e9fc9203f9cd69d2a73

                                                                                                                          SHA256

                                                                                                                          0e9d24e58133fdae2fe766ece9358afdc57da1568485bf36182851b6c1291246

                                                                                                                          SHA512

                                                                                                                          84c357d75e1b7c25249ef826bf5ea9ef4445f2d4f985ae7128363421ac28f1cf438256cb40cdfd2fcf9ad439900dfc7796f9ab850e0445dbbfab5c23f29575eb

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                                                                          Filesize

                                                                                                                          487KB

                                                                                                                          MD5

                                                                                                                          831a0aa25af2c60a7380ea75c321d930

                                                                                                                          SHA1

                                                                                                                          140ec306c24ab6f348c4dde5900b219d817e2026

                                                                                                                          SHA256

                                                                                                                          8cdde5daa52335c0a4e416f6fc22aa80744207a38fc276bd65341c2d2e903557

                                                                                                                          SHA512

                                                                                                                          0147937b2b2cf9bbf7e8dbee2d598e156c6ce4ddff224b3dc48caed96e89038ecdff1ace743b82fdf6155c40b674f4b1983693dbe45c39898487d3b7be258161

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                          Filesize

                                                                                                                          89KB

                                                                                                                          MD5

                                                                                                                          6c66566329b8f1f2a69392a74e726d4c

                                                                                                                          SHA1

                                                                                                                          7609ceb7d28c601a8d7279c8b5921742a64d28ce

                                                                                                                          SHA256

                                                                                                                          f512f4fb0d4855fc4aa78e26516e9ec1cfabc423a353cd01bc68ee6098dc56d6

                                                                                                                          SHA512

                                                                                                                          aca511bfaf9b464aff7b14998f06a7e997e22fcbe7728401a1e4bd7e4eceb8c938bbd820a16d471d0b5a0589d8807b426b97292fc2a28578a62e4681185556c3

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                          Filesize

                                                                                                                          79KB

                                                                                                                          MD5

                                                                                                                          e51f388b62281af5b4a9193cce419941

                                                                                                                          SHA1

                                                                                                                          364f3d737462b7fd063107fe2c580fdb9781a45a

                                                                                                                          SHA256

                                                                                                                          348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

                                                                                                                          SHA512

                                                                                                                          1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                          Filesize

                                                                                                                          34KB

                                                                                                                          MD5

                                                                                                                          522037f008e03c9448ae0aaaf09e93cb

                                                                                                                          SHA1

                                                                                                                          8a32997eab79246beed5a37db0c92fbfb006bef2

                                                                                                                          SHA256

                                                                                                                          983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7

                                                                                                                          SHA512

                                                                                                                          643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                          Filesize

                                                                                                                          17KB

                                                                                                                          MD5

                                                                                                                          240c4cc15d9fd65405bb642ab81be615

                                                                                                                          SHA1

                                                                                                                          5a66783fe5dd932082f40811ae0769526874bfd3

                                                                                                                          SHA256

                                                                                                                          030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07

                                                                                                                          SHA512

                                                                                                                          267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                          Filesize

                                                                                                                          19KB

                                                                                                                          MD5

                                                                                                                          4d0bfea9ebda0657cee433600ed087b6

                                                                                                                          SHA1

                                                                                                                          f13c690b170d5ba6be45dedc576776ca79718d98

                                                                                                                          SHA256

                                                                                                                          67e7d8e61b9984289b6f3f476bbeb6ceb955bec823243263cf1ee57d7db7ae9a

                                                                                                                          SHA512

                                                                                                                          9136adec32f1d29a72a486b4604309aa8f9611663fa1e8d49079b67260b2b09cefdc3852cf5c08ca9f5d8ea718a16dbd8d8120ac3164b0d1519d8ef8a19e4ea5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                                          Filesize

                                                                                                                          259KB

                                                                                                                          MD5

                                                                                                                          34504ed4414852e907ecc19528c2a9f0

                                                                                                                          SHA1

                                                                                                                          0694ca8841b146adcaf21c84dedc1b14e0a70646

                                                                                                                          SHA256

                                                                                                                          c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810

                                                                                                                          SHA512

                                                                                                                          173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                                          Filesize

                                                                                                                          62KB

                                                                                                                          MD5

                                                                                                                          8ccb0248b7f2abeead74c057232df42a

                                                                                                                          SHA1

                                                                                                                          c02bd92fea2df7ed12c8013b161670b39e1ec52f

                                                                                                                          SHA256

                                                                                                                          0a9fd0c7f32eabbb2834854c655b958ec72a321f3c1cf50035dd87816591cdcc

                                                                                                                          SHA512

                                                                                                                          6d6e3c858886c9d6186ad13b94dbc2d67918aa477fb7d70a7140223fab435cf109537c51ca7f4b2a0db00eead806bbe8c6b29b947b0be7044358d2823f5057ce

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14acfb2e72d6bc0e_0
                                                                                                                          Filesize

                                                                                                                          295KB

                                                                                                                          MD5

                                                                                                                          69ffbb8d1b02bbef56ff67e873b82682

                                                                                                                          SHA1

                                                                                                                          af28455b297a4ab6efef51556b118e24affecea7

                                                                                                                          SHA256

                                                                                                                          3da80611487ab9af2e8eced909f3dc9780d4ea0b8d9ac22d10fc443a502337f4

                                                                                                                          SHA512

                                                                                                                          50e771d103d1426840f3b4569f3bc926b3555eb8b1963e4ce5f1ee5c3311b0a0400c4ef494744ca8d1ca35a367d6f80e96f03b50f3d648919c45b16f6cf56cc9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26f1a435530e3442_0
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          4f3eae3c93903c4e0b9e5bbd506cf3af

                                                                                                                          SHA1

                                                                                                                          30f5ab97d8f5827c4067cbbbe7d53cbe2bfee0f4

                                                                                                                          SHA256

                                                                                                                          2f3707b0b7884e67df2fe3f31408939dbd5efef548152f480b2528c61f77f0a3

                                                                                                                          SHA512

                                                                                                                          eeb052e7beeea0a8b30d988dde5eb36448f248f85f3a62ad073e1a184d5d810d52f0010e7c255647c267ea80b8d36de97ae23796a95593045ac1420aa1e2a794

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ab592dde6ff023e_0
                                                                                                                          Filesize

                                                                                                                          272B

                                                                                                                          MD5

                                                                                                                          6a993cf32d1166dc46317cfa623380f1

                                                                                                                          SHA1

                                                                                                                          ef022557125e7ff3abddce54db565658a7b55880

                                                                                                                          SHA256

                                                                                                                          0dc86f4cc8221534eea0b820aa35eb9d670bb1535dfb88b9b88e7e3c508cafcc

                                                                                                                          SHA512

                                                                                                                          c3de6b77aee0284c5aa773c747a68b253c23b1973ba1db93c02339af1bf23f4907ae48bdbed0206a971d91fbd9423d698ce9c07de07dee01854495f49ba90da5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56b2913b6363bdfa_0
                                                                                                                          Filesize

                                                                                                                          188KB

                                                                                                                          MD5

                                                                                                                          5c0725378ce92e805fbe3a3cc45733ee

                                                                                                                          SHA1

                                                                                                                          9d83a139dddab510447c73ca4f8a278c920d092c

                                                                                                                          SHA256

                                                                                                                          454ac6b41c3af1143af31cf6790ac8e99b19d4d1cce76f767a6dc836381bba0d

                                                                                                                          SHA512

                                                                                                                          41019d1b9eef6d01a826283624f906d0dbf0334f3e304721976cd8a46c2bc16c2b9a16bd6e3f8543def2c2f4caaaad2c3d3e1c016cabc265fbe998db0b4d8fa5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c896e8aae559d2_0
                                                                                                                          Filesize

                                                                                                                          291B

                                                                                                                          MD5

                                                                                                                          30ce3fcf6f6c73169f77aee2a33efa5a

                                                                                                                          SHA1

                                                                                                                          848268716b58c58fa88c817f602c32a71a0f5a5c

                                                                                                                          SHA256

                                                                                                                          9ca63110ed234292e1d5ca5e64fa1726547acf9569b3a68b7d0b3d4bc23e91c8

                                                                                                                          SHA512

                                                                                                                          c4841a5f76ece754265403e3084cc3709f2ac963656942b7d6c01dcc78d99f9f0ef7dee46420d99128ccae2e3fe07947f4a524bf198e5035f2b37e32f5ecac0d

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e867ca3c9c75a923_0
                                                                                                                          Filesize

                                                                                                                          1.2MB

                                                                                                                          MD5

                                                                                                                          8baad6462754050d0ab7cf11349bf3b2

                                                                                                                          SHA1

                                                                                                                          fa388cc8a352b5bed6ddbd5ce032f6f1f9c7f1a2

                                                                                                                          SHA256

                                                                                                                          f105454bb440f93dd32991a79bad0aba21b140d03df3a4693f2c9cb31c21e8d3

                                                                                                                          SHA512

                                                                                                                          c5f999d0fe35b4e512c65b9aaddf061728504cbee82dd2d72d46c11137564afd69b88f507c6febb4b42411a094b63a579a05ca8e2119afa9f81d570230129e27

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e91da4b52bb26ef3_0
                                                                                                                          Filesize

                                                                                                                          297B

                                                                                                                          MD5

                                                                                                                          b5c69c2e0e23da311a095dacd262ea77

                                                                                                                          SHA1

                                                                                                                          b7449f88af5269ebf721f134e3bec15f2a10fcac

                                                                                                                          SHA256

                                                                                                                          a194cc725e5cd2488b534937eb8e312b92d008ffe664e8847470c681f86821c4

                                                                                                                          SHA512

                                                                                                                          32a1917132414baff4762964b7e2103cdf26f961be214174c8f599d61d0cabe3c98891143da855e27f37986128a8ab038f1fbfb142a4d5cd9bcaff373cee1ea4

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f29ed5b5251e1eaf_0
                                                                                                                          Filesize

                                                                                                                          269B

                                                                                                                          MD5

                                                                                                                          c491dbcff11343b4007b5d29427400a3

                                                                                                                          SHA1

                                                                                                                          e1798e919f2ef1db6f479881e2bc55656d2c7ae4

                                                                                                                          SHA256

                                                                                                                          aeda29ab5f275f1b1564211939b949f329c1dd08cc7e357278fcb4fc8a73699d

                                                                                                                          SHA512

                                                                                                                          8cc188b7e9ddaa51a7442f911c0ad862be5cab016eaa4e6220cd3126f4b92f4a5a6986fd6f981a63d61759428c82c2a3dfb5661e0173ffbbbc0b275ed6fe5d06

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f91e85b28bdb6627_0
                                                                                                                          Filesize

                                                                                                                          1.3MB

                                                                                                                          MD5

                                                                                                                          c4aa6dd96178692809435415696bc2bd

                                                                                                                          SHA1

                                                                                                                          3960fb2ceb945cfcde5a2b1f2c2901623be205a1

                                                                                                                          SHA256

                                                                                                                          b3b1a752d4ae7042a51df6c2489f941dc5fa6eb03186fbfae4c4a91331abf15f

                                                                                                                          SHA512

                                                                                                                          2c7ea489f563bb53b8bdab6f00a3ae529bfa2be6e1909328352cbf487f8ec3491accf258d3ddf93ca225e740788f2a311589969c636f9db9a6bb111fc30ca1e2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                          Filesize

                                                                                                                          437B

                                                                                                                          MD5

                                                                                                                          05592d6b429a6209d372dba7629ce97c

                                                                                                                          SHA1

                                                                                                                          b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                                                                                                          SHA256

                                                                                                                          3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                                                                                                          SHA512

                                                                                                                          caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          f13657c703633579b235a83004b95687

                                                                                                                          SHA1

                                                                                                                          22e72a75327605d66c143d3ede5da2a52248d531

                                                                                                                          SHA256

                                                                                                                          6dbadee4e1d57971b15e46ea19e75caf698c6df1857659b36d5077b43ffe4194

                                                                                                                          SHA512

                                                                                                                          0108a6fc81c6a26755cac4618812c0d216c2ebdea2303df2f5337955de2374916db912da20150ea83e5b4d931cd422f31585c84f9ab884f651fb72f3535f2f6b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          416c141e17e3b6ec2350b8ee45610fc5

                                                                                                                          SHA1

                                                                                                                          8df07cbd6590b382b5e754b0c7f928ebee8543eb

                                                                                                                          SHA256

                                                                                                                          48988919515968ee6c042cf028c91bf6e0c831170c0dd6c576656ca3fcfa07d1

                                                                                                                          SHA512

                                                                                                                          38aae69d928e8d2dde4ac5ee7bc85cde494b6ace98c0a760ad3d3b42129d491f57eb4cc6ec4b39ac1db8537d2649aecfa568ea68450a30a3e944973dae26a3f8

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          cf56dcac5dc28fe45196fd12ba769531

                                                                                                                          SHA1

                                                                                                                          e3f0a65d501547650e36fe3a74753735b4a4f5b5

                                                                                                                          SHA256

                                                                                                                          3146bbe7b045b657a50e8d73894d6e3dc5ad489e633fc1d66a19918749ae8f28

                                                                                                                          SHA512

                                                                                                                          59444db748eea2542b30affd844a8de5264f428ab49e0533765a5360e66e7ffac026b10dac4a3ce7c7ed66846ce24ee4b619d87a8edcd2d1b7b125f789b4c825

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          36c6cfa4402b418c8e49eb1af9dacdfe

                                                                                                                          SHA1

                                                                                                                          16327b9618a486ea0e0dbb9c340653c00f91a5de

                                                                                                                          SHA256

                                                                                                                          55e929c0aeaf1070864e2c566fb2b06dbab4c2889f1cb3de37ac4d0a54bcc1c3

                                                                                                                          SHA512

                                                                                                                          341414c4f68979e5263cb1c8a4df1f649e88a94aff7dffab16eb3bf17b35c71838218caf1a9f8ba8cc57205abf190a0736c36044493771bbab11eab87cf8c186

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          3a9631b2ac5f52b2af038c31bf430898

                                                                                                                          SHA1

                                                                                                                          0551a75fc1cd54cfbded6d5987cbc5ef659bf430

                                                                                                                          SHA256

                                                                                                                          95881ba0f2209c0b75f657f0a5c62f2905ccafa44145716a835a9226bc8199af

                                                                                                                          SHA512

                                                                                                                          59e1794c93746ebc4d4a3f916cb77151b13fceafab293853740830cd65c928ba62abf339bc358ba65f5edcdcb8e5b8843ccbb5ffc9b11cbb30775fb86ec827d3

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          5ea8ce4da99871f392d5251899e9c037

                                                                                                                          SHA1

                                                                                                                          68f0c0ead542eafab3edf90edd413139f5c74407

                                                                                                                          SHA256

                                                                                                                          12b21fde5c72144900d2c097916eeee5285de1bcc3885ec582dacf1cbd7f557b

                                                                                                                          SHA512

                                                                                                                          0aba743dadf0339bcffa0344423174c95635b65bcf466ca2cfd4b10b8f1965283f72a6ecbbe3c55169d93b16f37286f7059b0d76cb69546de88392de1e932fde

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          5b638866a71a34e63f3decdc6aa3f798

                                                                                                                          SHA1

                                                                                                                          3b8a47e4ca834d40f7661af88cd041ea2eef03e4

                                                                                                                          SHA256

                                                                                                                          314562ed73b3bc1557384eeb9e05775f3c0996d169a9d68e2dc866234bf6caf4

                                                                                                                          SHA512

                                                                                                                          335f9a11ce265780df9b404dee2f042c09cbaf87d1fe0b4dca3989ff5d2227332744b0dbfad49a0d3661cb2d976eb48429068435626dfbf9cb80d9c7326cefb9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          4a288aa4e82fadb8724c0e9d13c2e185

                                                                                                                          SHA1

                                                                                                                          5140db80bdae10e230a3467dc6b5ed4862539984

                                                                                                                          SHA256

                                                                                                                          4766cd853e6d215ccfb49a69cb6616446dae86f53fc289a34e715f05686a69bc

                                                                                                                          SHA512

                                                                                                                          6d01a767715a75cbac1cf0717ad53cd603a0b0fe864dea695e9b27a346bc25fe7ad459c9f275d186952e3f508db16ac83a52870d3a33c3787fc7c4fe25b13f3d

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          0540fa55d6e10f5654bb2549aec92d2e

                                                                                                                          SHA1

                                                                                                                          59d28b50a4af70df59094709b01b0f19ed87d855

                                                                                                                          SHA256

                                                                                                                          607bb1dd994cb2d6cd999d2b10e7b5f47405c20f9ef9119dccca9116a889f6c6

                                                                                                                          SHA512

                                                                                                                          ec20636398be876ec1cf858dc05902d4e488c792e96411881e6913d0e019fa6595c401ffce5b3039631397986cb60fe983407809f839a603d3eb0b8596adf58a

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          6564591e104190978ca216188dac6efe

                                                                                                                          SHA1

                                                                                                                          329c24e8db1f3d9ee3ce6687257470ec3d24b8da

                                                                                                                          SHA256

                                                                                                                          41e1436787b560d54c868999ac9048a01fad381c311737042272e72d1e9b1a57

                                                                                                                          SHA512

                                                                                                                          ee9cc8e2d4f4fa001bd5f3e16c4e9daa1d660671159fe86d78bb69785f57e91bd9ca4804715c67b650023d7c0388efae39c9f81e66aa60f73135ee1fa91b9581

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          97d8f88c793a6dc4b5c29295cdffd839

                                                                                                                          SHA1

                                                                                                                          81ee9d368fe8df776f6dbc90373c1b5297ed945d

                                                                                                                          SHA256

                                                                                                                          c4d2fd41a6c30d176f74d36e17acf552278de337a2535593ef3d2b35b1b34e6b

                                                                                                                          SHA512

                                                                                                                          2e5c556ab3228cd2b16b251e827998a4a35efefc35e7434b885a790e07c2ac531e153b346d06bf300f1753ee8bff5d9b18e6d8292630d501b8998f8cfc813346

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          2e9490fc0ff0ebb80ba4ffdd4ae52ca7

                                                                                                                          SHA1

                                                                                                                          1e35163638e169038ef1ac0f5be3b70e614f5374

                                                                                                                          SHA256

                                                                                                                          863c069617a9769ba3af5c57523fc44e3269eb6741690a08280687a700120a94

                                                                                                                          SHA512

                                                                                                                          8424a1c3da59e1122c267fc44ca9265e56225bdaaa95a18ddcc64a77d657d236c272b479ac4096ecfec9ee5c8542437f6e30cdaf9a550686ddebd553c5587ed5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          367B

                                                                                                                          MD5

                                                                                                                          6c2c26a0750860634ebb9b8fbc54d6bf

                                                                                                                          SHA1

                                                                                                                          d126997b09a117e85e0a086d6cb975fadbaf70d0

                                                                                                                          SHA256

                                                                                                                          443940c3e4cd97c7e122592ba4228c861215f6545b8e767892d0a07c4ba0cf55

                                                                                                                          SHA512

                                                                                                                          34af84356dd1f5f00008cc4c4c3ef720a2e7d3a7943ee74ae8ba20319f28b96b1cf9ee177d696eca11fac05d0d0d0afc51ed387ba726c493ac31ec8e3ad571eb

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          c8627c33911fc8e9518cb643504a953f

                                                                                                                          SHA1

                                                                                                                          0c53efc82f75de5ec07c8e3a589cd781e13c7ae5

                                                                                                                          SHA256

                                                                                                                          9446bd1a72cf7d29e258b1516e8e6af41a5e5791b1e6353e1724125adb33ecb6

                                                                                                                          SHA512

                                                                                                                          ce7b7f6ff52ded2ea2d1710ce15be9c07081a93b4d34b794e59c37ea7d5f2d49dc87acc1ac84d7f9705ffbf1d4b9842c8e767254e4be1dfae9971ca21eb346d9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586184.TMP
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          fed3829e08815fc8a6ef4b663543a6c5

                                                                                                                          SHA1

                                                                                                                          56c8feb67cc0492b7e295f17c6909d843e5589a7

                                                                                                                          SHA256

                                                                                                                          733d6572d879af0bffad140be6424bd907a23d5d871f8d03ce67ff56da880260

                                                                                                                          SHA512

                                                                                                                          ee0b3e39a6037e25dc4a32882ffe74b8a838b15409abb0b3e06678b370056e35c4d26f5a2d89b3c9ee57e2eebed84fb2cbaa834093a977537793c05e11fc51cc

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                          Filesize

                                                                                                                          16B

                                                                                                                          MD5

                                                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                                                          SHA1

                                                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                          SHA256

                                                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                          SHA512

                                                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                          MD5

                                                                                                                          46ac3336760fe0e3cf3251d741873de0

                                                                                                                          SHA1

                                                                                                                          afcf92d74f64114c00f378fd0409ed26a2944698

                                                                                                                          SHA256

                                                                                                                          ca57dc963d1e02a9dccae922596e5d1d75c4610605cb3c6d5dd6f9d045aed55c

                                                                                                                          SHA512

                                                                                                                          94d213a1f72c10e362b476938337aa913b59a4165f0b24c03d07694e5b1e4accbbc4ee098a4b5f53f3f1c41937f5c28f6c6f2a42dbe1585c515c67726305802d

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                          Filesize

                                                                                                                          18KB

                                                                                                                          MD5

                                                                                                                          a4eb48a05d44f8a345a42bcf141bd2d8

                                                                                                                          SHA1

                                                                                                                          aeb7c6029e0b8b3bff6493ccf479b6f9afb7b363

                                                                                                                          SHA256

                                                                                                                          684a8a7b7f2fda25a04f9b10f518d7ebef4758d1b210fb708b93564766726e38

                                                                                                                          SHA512

                                                                                                                          11a4923da8c6ef24f3b6dedade74c1c2239418e492ed4d5d08a2d8ffa0ec7016f48c90db9ce77b62fa379dd56f3cd965fe32a8165b5740cb55dc2bca8cae26ef

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_23jm2i4w.nqk.ps1
                                                                                                                          Filesize

                                                                                                                          60B

                                                                                                                          MD5

                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                          SHA1

                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                          SHA256

                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                          SHA512

                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
                                                                                                                          Filesize

                                                                                                                          962KB

                                                                                                                          MD5

                                                                                                                          4a9440baa61be8363a372b0bbc5933ad

                                                                                                                          SHA1

                                                                                                                          9aa5380dc87829c6fa22e9029cadcab9f6221ef9

                                                                                                                          SHA256

                                                                                                                          51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c

                                                                                                                          SHA512

                                                                                                                          648bd4434ce14e15c3faba25945525fffec6dad028e8fe26982d70096ccd448ca6e114e10739b1e990ea65970db97897713b8054450f1cd98c9aacb596436b0c

                                                                                                                          Download Submit

                                                                                                                        • memory/1644-96-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1644-15-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1644-11-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1644-12-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1644-14-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1800-650-0x00000000012A0000-0x0000000001398000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/1948-10-0x00000000067B0000-0x0000000006874000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          784KB

                                                                                                                          Download

                                                                                                                        • memory/1948-4-0x0000000074DF0000-0x00000000755A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/1948-3-0x0000000004EE0000-0x0000000004F72000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          584KB

                                                                                                                          Download

                                                                                                                        • memory/1948-5-0x0000000004ED0000-0x0000000004EDA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/1948-6-0x0000000005110000-0x00000000051AC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          624KB

                                                                                                                          Download

                                                                                                                        • memory/1948-7-0x0000000005240000-0x0000000005254000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/1948-0-0x0000000074DFE000-0x0000000074DFF000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1948-9-0x0000000074DF0000-0x00000000755A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/1948-8-0x0000000074DFE000-0x0000000074DFF000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1948-1-0x00000000003C0000-0x00000000004B8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/1948-98-0x0000000074DF0000-0x00000000755A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/1948-2-0x00000000053F0000-0x0000000005994000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.6MB

                                                                                                                          Download

                                                                                                                        • memory/2288-150-0x0000000005B10000-0x0000000005B5C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/2288-165-0x0000000007010000-0x0000000007024000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/2288-164-0x0000000006FC0000-0x0000000006FD1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          Download

                                                                                                                        • memory/2288-163-0x0000000006D00000-0x0000000006DA3000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          652KB

                                                                                                                          Download

                                                                                                                        • memory/2288-153-0x000000006E9B0000-0x000000006E9FC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/2288-148-0x0000000005390000-0x00000000056E4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/2784-253-0x00000000006D0000-0x00000000007C8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/4244-134-0x0000000000A00000-0x0000000000AF8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/4356-351-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-130-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-169-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-152-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-147-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-137-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-136-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-126-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-127-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-170-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-133-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-686-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-685-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-509-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-508-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4356-352-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4624-97-0x0000000005680000-0x0000000005694000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/4700-112-0x0000000007550000-0x0000000007BCA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.5MB

                                                                                                                          Download

                                                                                                                        • memory/4700-91-0x0000000005BD0000-0x0000000005BEE000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          120KB

                                                                                                                          Download

                                                                                                                        • memory/4700-115-0x0000000007180000-0x0000000007216000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          600KB

                                                                                                                          Download

                                                                                                                        • memory/4700-18-0x0000000074DFE000-0x0000000074DFF000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4700-114-0x0000000006F70000-0x0000000006F7A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/4700-113-0x0000000006F00000-0x0000000006F1A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          104KB

                                                                                                                          Download

                                                                                                                        • memory/4700-19-0x00000000022A0000-0x00000000022D6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          216KB

                                                                                                                          Download

                                                                                                                        • memory/4700-110-0x00000000061F0000-0x000000000620E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          120KB

                                                                                                                          Download

                                                                                                                        • memory/4700-111-0x0000000006BD0000-0x0000000006C73000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          652KB

                                                                                                                          Download

                                                                                                                        • memory/4700-100-0x000000006EDC0000-0x000000006EE0C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4700-99-0x00000000061B0000-0x00000000061E2000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          200KB

                                                                                                                          Download

                                                                                                                        • memory/4700-117-0x0000000007130000-0x000000000713E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          56KB

                                                                                                                          Download

                                                                                                                        • memory/4700-94-0x0000000005C70000-0x0000000005CBC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4700-116-0x0000000007100000-0x0000000007111000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          Download

                                                                                                                        • memory/4700-83-0x0000000005610000-0x0000000005964000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/4700-118-0x0000000007140000-0x0000000007154000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/4700-119-0x0000000007240000-0x000000000725A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          104KB

                                                                                                                          Download

                                                                                                                        • memory/4700-72-0x0000000004CA0000-0x0000000004D06000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          408KB

                                                                                                                          Download

                                                                                                                        • memory/4700-73-0x00000000054A0000-0x0000000005506000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          408KB

                                                                                                                          Download

                                                                                                                        • memory/4700-71-0x0000000004B00000-0x0000000004B22000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/4700-21-0x0000000004E00000-0x0000000005428000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/4700-120-0x0000000007220000-0x0000000007228000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          32KB

                                                                                                                          Download

                                                                                                                        • memory/4700-123-0x0000000074DF0000-0x00000000755A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4700-22-0x0000000074DF0000-0x00000000755A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4700-20-0x0000000074DF0000-0x00000000755A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/5144-447-0x0000000000A20000-0x0000000000B18000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/5252-354-0x0000000001000000-0x00000000010F8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/5288-747-0x0000000000600000-0x00000000006F8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download