Overview

overview

10

Static

static

3

51c0bcbc40...2c.exe

windows7-x64

10

51c0bcbc40...2c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2025 01:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c.exe

  • Size

    962KB

  • MD5

    4a9440baa61be8363a372b0bbc5933ad

  • SHA1

    9aa5380dc87829c6fa22e9029cadcab9f6221ef9

  • SHA256

    51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c

  • SHA512

    648bd4434ce14e15c3faba25945525fffec6dad028e8fe26982d70096ccd448ca6e114e10739b1e990ea65970db97897713b8054450f1cd98c9aacb596436b0c

  • SSDEEP

    24576:fdFeteG2H+FLBvmhCWWmLiUZklZGIo/KCrB:FA9w+bvmhCWWpUZkbDo5rB

Score
10/10
remcosgraiasdiscoveryexecutionpersistencerat

Malware Config

Extracted

Family

remcos

Botnet

Graias

C2

185.234.72.215:4444

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    graias.exe

  • copy_folder

    Graias

  • delete_file

    false

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    graias

  • mouse_option

    false

  • mutex

    Rmc-O844B9

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 9 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c.exe
    "C:\Users\Admin\AppData\Local\Temp\51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4864
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c.exe"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4512
    • C:\Users\Admin\AppData\Local\Temp\51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c.exe
      "C:\Users\Admin\AppData\Local\Temp\51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c.exe"
      2⤵
      • Checks computer location settings
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1120
      • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
        "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2396
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3480
        • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
          "C:\Users\Admin\AppData\Roaming\Graias\graias.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4408
          • C:\Windows\SysWOW64\svchost.exe
            svchost.exe
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3000
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
              6⤵
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:1628
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                7⤵
                  PID:1272
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
                  7⤵
                    PID:2152
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
                    7⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1296
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
                    7⤵
                      PID:2736
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
                      7⤵
                        PID:2584
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
                        7⤵
                          PID:2300
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                          7⤵
                            PID:1028
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
                            7⤵
                              PID:3704
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
                              7⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2904
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                              7⤵
                                PID:4216
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
                                7⤵
                                  PID:1896
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                                  7⤵
                                    PID:1164
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                                    7⤵
                                      PID:4944
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                                      7⤵
                                        PID:2300
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
                                        7⤵
                                          PID:3860
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
                                          7⤵
                                            PID:2320
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
                                            7⤵
                                              PID:5128
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                              7⤵
                                                PID:5460
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
                                                7⤵
                                                  PID:5544
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
                                                  7⤵
                                                    PID:6056
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
                                                    7⤵
                                                      PID:6136
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
                                                      7⤵
                                                        PID:3132
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
                                                        7⤵
                                                          PID:5696
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
                                                          7⤵
                                                            PID:4920
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
                                                            7⤵
                                                              PID:6036
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
                                                              7⤵
                                                                PID:5328
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                                                                7⤵
                                                                  PID:5716
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
                                                                  7⤵
                                                                    PID:5988
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                                                                    7⤵
                                                                      PID:5232
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                                                                      7⤵
                                                                        PID:5176
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
                                                                        7⤵
                                                                          PID:4468
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
                                                                          7⤵
                                                                            PID:5340
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
                                                                            7⤵
                                                                              PID:3844
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
                                                                              7⤵
                                                                                PID:1924
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,14653739908490326955,15893766874315014832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
                                                                                7⤵
                                                                                  PID:1840
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                6⤵
                                                                                  PID:4816
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                    7⤵
                                                                                      PID:4652
                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                  svchost.exe
                                                                                  5⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:4648
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                    6⤵
                                                                                      PID:2876
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                        7⤵
                                                                                          PID:2040
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                        6⤵
                                                                                          PID:5364
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                            7⤵
                                                                                              PID:5376
                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                          svchost.exe
                                                                                          5⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:5420
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                            6⤵
                                                                                              PID:5980
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                7⤵
                                                                                                  PID:5992
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                6⤵
                                                                                                  PID:5348
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                    7⤵
                                                                                                      PID:5352
                                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                                  svchost.exe
                                                                                                  5⤵
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:1904
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                    6⤵
                                                                                                      PID:2984
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                        7⤵
                                                                                                          PID:1752
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                        6⤵
                                                                                                          PID:5688
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                            7⤵
                                                                                                              PID:5196
                                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                                          svchost.exe
                                                                                                          5⤵
                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                          PID:5544
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                            6⤵
                                                                                                              PID:5928
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                                7⤵
                                                                                                                  PID:1644
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                6⤵
                                                                                                                  PID:3176
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                                    7⤵
                                                                                                                      PID:4928
                                                                                                                • C:\Windows\SysWOW64\svchost.exe
                                                                                                                  svchost.exe
                                                                                                                  5⤵
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:3284
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                    6⤵
                                                                                                                      PID:4204
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                                        7⤵
                                                                                                                          PID:2652
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
                                                                                                                        6⤵
                                                                                                                          PID:5180
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa99e246f8,0x7ffa99e24708,0x7ffa99e24718
                                                                                                                            7⤵
                                                                                                                              PID:5636
                                                                                                                        • C:\Windows\SysWOW64\svchost.exe
                                                                                                                          svchost.exe
                                                                                                                          5⤵
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:5540
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 1188
                                                                                                                        4⤵
                                                                                                                        • Program crash
                                                                                                                        PID:5016
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 1400
                                                                                                                    2⤵
                                                                                                                    • Program crash
                                                                                                                    PID:1736
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4864 -ip 4864
                                                                                                                  1⤵
                                                                                                                    PID:1128
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2396 -ip 2396
                                                                                                                    1⤵
                                                                                                                      PID:4420
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:5048
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:4392

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          968cb9309758126772781b83adb8a28f

                                                                                                                          SHA1

                                                                                                                          8da30e71accf186b2ba11da1797cf67f8f78b47c

                                                                                                                          SHA256

                                                                                                                          92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                                                                                                                          SHA512

                                                                                                                          4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          34d2c4f40f47672ecdf6f66fea242f4a

                                                                                                                          SHA1

                                                                                                                          4bcad62542aeb44cae38a907d8b5a8604115ada2

                                                                                                                          SHA256

                                                                                                                          b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

                                                                                                                          SHA512

                                                                                                                          50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          8749e21d9d0a17dac32d5aa2027f7a75

                                                                                                                          SHA1

                                                                                                                          a5d555f8b035c7938a4a864e89218c0402ab7cde

                                                                                                                          SHA256

                                                                                                                          915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

                                                                                                                          SHA512

                                                                                                                          c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          MD5

                                                                                                                          0cccccd82d68d5ff076e1bd047436ec8

                                                                                                                          SHA1

                                                                                                                          0b9d6ebef9ac1c03f8138e9fc9203f9cd69d2a73

                                                                                                                          SHA256

                                                                                                                          0e9d24e58133fdae2fe766ece9358afdc57da1568485bf36182851b6c1291246

                                                                                                                          SHA512

                                                                                                                          84c357d75e1b7c25249ef826bf5ea9ef4445f2d4f985ae7128363421ac28f1cf438256cb40cdfd2fcf9ad439900dfc7796f9ab850e0445dbbfab5c23f29575eb

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                                                                          Filesize

                                                                                                                          487KB

                                                                                                                          MD5

                                                                                                                          831a0aa25af2c60a7380ea75c321d930

                                                                                                                          SHA1

                                                                                                                          140ec306c24ab6f348c4dde5900b219d817e2026

                                                                                                                          SHA256

                                                                                                                          8cdde5daa52335c0a4e416f6fc22aa80744207a38fc276bd65341c2d2e903557

                                                                                                                          SHA512

                                                                                                                          0147937b2b2cf9bbf7e8dbee2d598e156c6ce4ddff224b3dc48caed96e89038ecdff1ace743b82fdf6155c40b674f4b1983693dbe45c39898487d3b7be258161

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                          Filesize

                                                                                                                          89KB

                                                                                                                          MD5

                                                                                                                          6c66566329b8f1f2a69392a74e726d4c

                                                                                                                          SHA1

                                                                                                                          7609ceb7d28c601a8d7279c8b5921742a64d28ce

                                                                                                                          SHA256

                                                                                                                          f512f4fb0d4855fc4aa78e26516e9ec1cfabc423a353cd01bc68ee6098dc56d6

                                                                                                                          SHA512

                                                                                                                          aca511bfaf9b464aff7b14998f06a7e997e22fcbe7728401a1e4bd7e4eceb8c938bbd820a16d471d0b5a0589d8807b426b97292fc2a28578a62e4681185556c3

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                          Filesize

                                                                                                                          79KB

                                                                                                                          MD5

                                                                                                                          e51f388b62281af5b4a9193cce419941

                                                                                                                          SHA1

                                                                                                                          364f3d737462b7fd063107fe2c580fdb9781a45a

                                                                                                                          SHA256

                                                                                                                          348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

                                                                                                                          SHA512

                                                                                                                          1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                          Filesize

                                                                                                                          34KB

                                                                                                                          MD5

                                                                                                                          522037f008e03c9448ae0aaaf09e93cb

                                                                                                                          SHA1

                                                                                                                          8a32997eab79246beed5a37db0c92fbfb006bef2

                                                                                                                          SHA256

                                                                                                                          983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7

                                                                                                                          SHA512

                                                                                                                          643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                          Filesize

                                                                                                                          17KB

                                                                                                                          MD5

                                                                                                                          240c4cc15d9fd65405bb642ab81be615

                                                                                                                          SHA1

                                                                                                                          5a66783fe5dd932082f40811ae0769526874bfd3

                                                                                                                          SHA256

                                                                                                                          030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07

                                                                                                                          SHA512

                                                                                                                          267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                          Filesize

                                                                                                                          19KB

                                                                                                                          MD5

                                                                                                                          4d0bfea9ebda0657cee433600ed087b6

                                                                                                                          SHA1

                                                                                                                          f13c690b170d5ba6be45dedc576776ca79718d98

                                                                                                                          SHA256

                                                                                                                          67e7d8e61b9984289b6f3f476bbeb6ceb955bec823243263cf1ee57d7db7ae9a

                                                                                                                          SHA512

                                                                                                                          9136adec32f1d29a72a486b4604309aa8f9611663fa1e8d49079b67260b2b09cefdc3852cf5c08ca9f5d8ea718a16dbd8d8120ac3164b0d1519d8ef8a19e4ea5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                                          Filesize

                                                                                                                          259KB

                                                                                                                          MD5

                                                                                                                          34504ed4414852e907ecc19528c2a9f0

                                                                                                                          SHA1

                                                                                                                          0694ca8841b146adcaf21c84dedc1b14e0a70646

                                                                                                                          SHA256

                                                                                                                          c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810

                                                                                                                          SHA512

                                                                                                                          173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                                          Filesize

                                                                                                                          62KB

                                                                                                                          MD5

                                                                                                                          8ccb0248b7f2abeead74c057232df42a

                                                                                                                          SHA1

                                                                                                                          c02bd92fea2df7ed12c8013b161670b39e1ec52f

                                                                                                                          SHA256

                                                                                                                          0a9fd0c7f32eabbb2834854c655b958ec72a321f3c1cf50035dd87816591cdcc

                                                                                                                          SHA512

                                                                                                                          6d6e3c858886c9d6186ad13b94dbc2d67918aa477fb7d70a7140223fab435cf109537c51ca7f4b2a0db00eead806bbe8c6b29b947b0be7044358d2823f5057ce

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26f1a435530e3442_0
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          8c72ebfeda213be3d2ec452fa9e86bd3

                                                                                                                          SHA1

                                                                                                                          f730f28c386065a4aff2694be5f96ece1dc8df40

                                                                                                                          SHA256

                                                                                                                          ca86be752819c6be166bd63d79d1d80788313d55f19c1f3d5f17dfde7234b65b

                                                                                                                          SHA512

                                                                                                                          8c289cbf6c6c9b25e622631adde917be5fb4c9e0c4abab24580a43e24d0ec2bab15e2c56c59254349571271c0934c5b27aa037297083bb33218e3ac55e270d24

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ab592dde6ff023e_0
                                                                                                                          Filesize

                                                                                                                          272B

                                                                                                                          MD5

                                                                                                                          4a6dfe6cb66b07dd4513874119a366e8

                                                                                                                          SHA1

                                                                                                                          6b27d39e8c5507f686ad0e862045be9c82a7dc78

                                                                                                                          SHA256

                                                                                                                          3884c65c7c4069448766ba21530f7a7c3010371bc5230409b2fdf56dd34f708f

                                                                                                                          SHA512

                                                                                                                          54136049f16a293988160b7df2a816d09adc385b65f4ec17b4b0613a81ba4857a795da3ddebf130795cfca4a9e4783a596a548710f8b8d52b9531556ec8d7094

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46e3fff2bf5d0ad3_0
                                                                                                                          Filesize

                                                                                                                          188KB

                                                                                                                          MD5

                                                                                                                          841c2a455d4f4e63332d7a20a11d5daf

                                                                                                                          SHA1

                                                                                                                          2c095309e1de2a59fd877c1adf0f87c2a33eed5c

                                                                                                                          SHA256

                                                                                                                          2ff25f31b3f87e797bf33a53eb9efa46ab769f56727e14126bfc5ccc74c106a4

                                                                                                                          SHA512

                                                                                                                          020e3c374c9c17e8df21237e7e0e1ffeafbbbc97e5222f25af4b40ffd1e7931a619f2de2b0d3f6ac0d4a51344cc0d00d47771bb282e77797155a4eb4293be5ac

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c19eaa90200bd24_0
                                                                                                                          Filesize

                                                                                                                          1.3MB

                                                                                                                          MD5

                                                                                                                          c1f0c0fa72cdbc00233e80467bb8c29b

                                                                                                                          SHA1

                                                                                                                          f67262d4eda3577264165cc36cf8b62aca51e22f

                                                                                                                          SHA256

                                                                                                                          5f8e214775398b7d0d6f61ec34967808fb3784576637413ff9447b04e96f1bab

                                                                                                                          SHA512

                                                                                                                          a3e44638ebfd4bd86e6de563442d9e59c659d284d013285085602d907bef16a286d96221c02af947e010fb453c3a1acf8020ff8b78bd77ad74cfe0b53b208466

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c896e8aae559d2_0
                                                                                                                          Filesize

                                                                                                                          291B

                                                                                                                          MD5

                                                                                                                          fa747f1d8b7b38bd091c9f40b26d9b88

                                                                                                                          SHA1

                                                                                                                          9e491d230c678e626a683731f866408d6f203684

                                                                                                                          SHA256

                                                                                                                          ceb88f357a457453de9c98d9f3b9d458bcc17d90ca07c43422e1714713e49b43

                                                                                                                          SHA512

                                                                                                                          302d6583f9e022ab53bb124711f829affcfa24ea3f0cc8dd0e6770c88e3a35f89ea48cb6a15402e481b96c8849f195564a3e953a1293cc3ea9ef589caf33bdf6

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6fd879728b86e41_0
                                                                                                                          Filesize

                                                                                                                          1.2MB

                                                                                                                          MD5

                                                                                                                          c539d11bdcdcf66cc5199ef8c3b01de2

                                                                                                                          SHA1

                                                                                                                          778b916bed38dbdbbc5bc0af099d707e90f2c7cf

                                                                                                                          SHA256

                                                                                                                          2c850a194a5a8fc3e043b2c81ee3170dfa589502ecab9d333c83608c00937175

                                                                                                                          SHA512

                                                                                                                          ba4a3af6859c8bd5cb2ac360e3af97ddf47d9bb35900f440a4ce04f9d030bef5a453293ce00a857b65210747f163d0e6940c7ee985f02bab071ec8d9b6c38a0d

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e91da4b52bb26ef3_0
                                                                                                                          Filesize

                                                                                                                          297B

                                                                                                                          MD5

                                                                                                                          637443dbef3b6bdd2ec15905e8bb0121

                                                                                                                          SHA1

                                                                                                                          bca0216f9e8a3bbfb2b0dd0cbd5c42eb21af29d6

                                                                                                                          SHA256

                                                                                                                          fe3e6411b390d619bb21531f5b42195d579bb6307a83e48c075c163febbf910f

                                                                                                                          SHA512

                                                                                                                          9008fd9f1025bb0f28e4da9778fc1c9257328c36fe8460f932945d0b72f708d6a2d08d3d3e2ec28e37740334190b161d1946f32e99355e8260b32f342603bf68

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f29ed5b5251e1eaf_0
                                                                                                                          Filesize

                                                                                                                          269B

                                                                                                                          MD5

                                                                                                                          77385c43f9abc60cf6bd2b12c5fe72bb

                                                                                                                          SHA1

                                                                                                                          8e1164e1487ccaa4e7a02098cf17a4fc36db861e

                                                                                                                          SHA256

                                                                                                                          5e6f880c4fecb3d2ce705a29397bae2fb6d56d49d58cf0e95fa611914e4a6eb3

                                                                                                                          SHA512

                                                                                                                          e6f7f860be56ebaa649b1d5292351d28cc383182e35f046cdabde7be0a148cb95c389280699c9b24de8b66e704335b4e4a502b9bec093d22bf62c028ab7b8c5c

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3e48769d70f258d_0
                                                                                                                          Filesize

                                                                                                                          295KB

                                                                                                                          MD5

                                                                                                                          16e4cf35a1d57df888a9df1ff893a0e9

                                                                                                                          SHA1

                                                                                                                          cbc234aee71f66527989ea9c301cc9db039bd529

                                                                                                                          SHA256

                                                                                                                          1c845c21b64054a0084ce1534045782025d2b19a327101101f6dd049cd2397b6

                                                                                                                          SHA512

                                                                                                                          a88842d1de012af1d8f1118ceb4cdf6658a7f44a57eef2b46bf8a016fdce1e0a1fabd63b590f1d4e9b2c8427b7579a59734529b8f3aa0d9dc1a58d49d34d4ac9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                          Filesize

                                                                                                                          437B

                                                                                                                          MD5

                                                                                                                          05592d6b429a6209d372dba7629ce97c

                                                                                                                          SHA1

                                                                                                                          b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                                                                                                          SHA256

                                                                                                                          3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                                                                                                          SHA512

                                                                                                                          caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          864680205288533c4cf56f762e1b0753

                                                                                                                          SHA1

                                                                                                                          4bbfbc7374e1c2950294f0b118fe0ca00d07c917

                                                                                                                          SHA256

                                                                                                                          d2c44a62b84d9e4c74e973ad5b66cd0a63958b3afaa37214b2014c6041ef7d3e

                                                                                                                          SHA512

                                                                                                                          bcd0241fbb08b162522a655d3625e3fa6b969394dc39c1ca8a123256624b71e68c2860a7a02c0c58ef7ef30b831d35f5b7c0849cd25a08125c142efa2d0e0034

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          01b25317e6f7d0c8530d4f3f631da076

                                                                                                                          SHA1

                                                                                                                          f9a1af472bcfcaba2a3341cb1568c4f95ef26f92

                                                                                                                          SHA256

                                                                                                                          3626c1fcb2769afbbc3780559cc84ed6141677afd2d974b5d455e387644f8763

                                                                                                                          SHA512

                                                                                                                          043ab886525d8a0ea7c890dafc69175a8c7e961c188c2a19d3c1e73f8d79286f011994859994343a0df73b6c86c0ef34c38d7c8ec8ea107426ebd3c35e40ac13

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          28cd441d98329a7fdd3dd7e271f40975

                                                                                                                          SHA1

                                                                                                                          66f76637754b07c006b9944aae547d68c8ed0998

                                                                                                                          SHA256

                                                                                                                          3dae57793622e84012bf38fc982affc89518147c714a0c7f3a5033be68a1def5

                                                                                                                          SHA512

                                                                                                                          efabbe39476f87fe74e240d5c8bdcb81aabde0f00ada3a2638da8e3f0e32a8825a5def4ee937455f34a384b564447722cc073bac43b51f1ae1ea212d23999c38

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          1896524977de60ab2b520f456bdd86f9

                                                                                                                          SHA1

                                                                                                                          d3d05b1763cb5bea5d9e38df1998e8920a5907fd

                                                                                                                          SHA256

                                                                                                                          19637bedd310c274c1a5d48523106db2a7b7e89fb985ae9e4e2d5c628e90404c

                                                                                                                          SHA512

                                                                                                                          c6fe143754c58f28b23fd338c3622ed351166eb45350267eba04729459d63d62f5a42be151834a0833d73f3b0abc5adfe6257fb16e0ee1ecd018e01f1dd131b8

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          c0b421d4f81a54b1782c4fd9419f2106

                                                                                                                          SHA1

                                                                                                                          143dcd4cb6bb328fc3d8ab0ccde4b07a2ad58d56

                                                                                                                          SHA256

                                                                                                                          36e50c2ac5737366dafe4689182e420d77b28904690e8df81c3b84937bd75397

                                                                                                                          SHA512

                                                                                                                          9db1c57b9963e8a9ae865c83b141da464d71beb84e97237ff6ec6482d6d9713c749de32bfde197da07b95015e2b04d2de67b587f842251a873a41fa18bb2824e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          9b95a1d485c37f16ddb613457a0ce89a

                                                                                                                          SHA1

                                                                                                                          9f376f414e38a4d0e8021b01379a890e880238ee

                                                                                                                          SHA256

                                                                                                                          0a6c5f3f6c3eef5f65c56fb4aa9f4a0bc5a584dcb27ed8e4dd2b0e7219a4cf34

                                                                                                                          SHA512

                                                                                                                          3932736e37e03b2d532d6747ab2d04ed49d2445f3e189641c041d98c1838f2135aa1cbeebbede26e875d82147edd89212f23963dcdc28df8dd670d58c550ab13

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          d3572eb22d18707468e46811b80b0090

                                                                                                                          SHA1

                                                                                                                          a1f588ff5a6461ee534b42aa13e6d339fd1c02ed

                                                                                                                          SHA256

                                                                                                                          4c17d0127a1bd5e8dabe8ebce312002a591ee5357d5a3420ee7f8f57d8ef0af5

                                                                                                                          SHA512

                                                                                                                          557ad061bc8b3cd55250ee1f424e54e9ebb4dbaf801628bce3fece508a34090a108312a7a0d5f9f0e038f5bad19a7d2e0d6fe7ec61158e6a9197e523452c2fbd

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          1e5622861f3424b283bb0b461aa3fde5

                                                                                                                          SHA1

                                                                                                                          7b5feb29dbb02cecf4228c98f99f79297f2d19c6

                                                                                                                          SHA256

                                                                                                                          17867f1b8440b7ee8b16aaa4539840f7426105cd0e6a8d2730f673545af06a5c

                                                                                                                          SHA512

                                                                                                                          21730e1caa822ee2c424ab3bfce099fdfc33bf31d5a254b4998d15dffa915ad5fe566bcff894c30cd29cc9c55448d73ffc68a18c2db4c5ae5dd9fc7330c3da9b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          84b9ebe3e301afcc8903cf9db23d8ad2

                                                                                                                          SHA1

                                                                                                                          448d8b61cea879ccfd6a8d2e93e01d5309faeabd

                                                                                                                          SHA256

                                                                                                                          8baa42e02cccd1ce76c2d91dc85bb5d4dec814be6ba8504f16e77602eec013c1

                                                                                                                          SHA512

                                                                                                                          7f0b7948b2a4ea545109f065000bbd6e5dd66be0d347dbb89d3de6d1d234a57ea02fe8b579696f88db81a5b19624d247c242f9ed4508ec07e0ff33d56e212c41

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          f9131a931b5ba92d0f2d12b0a9046393

                                                                                                                          SHA1

                                                                                                                          62224bafee4040643247f5283e05604adb02cb1c

                                                                                                                          SHA256

                                                                                                                          4b258de39f842bda68a888bff38a5281503a9ba38f63632c8e8f10e11ac507ae

                                                                                                                          SHA512

                                                                                                                          39480bb8dad11d8966882b0170dc0d032daf8eb2148279f2a365ca8b8d528ae3113d90c7bb1d10b05fc8d8cffff7fe28cad5af56f6c501abbcb4e7a09b83a49e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          6c3771836b180447eb27061efe969b49

                                                                                                                          SHA1

                                                                                                                          7864aef868693d64e6d27a0d1612e8023eaac4ce

                                                                                                                          SHA256

                                                                                                                          ba5fb38f6c07006df6e53eab808263443199171ba5b8618e7973cf573deb60b2

                                                                                                                          SHA512

                                                                                                                          dfc8e492abc4f049ed0f7e07bc3b405694b4e3c7cb9b901a38a71e434e49b930649dba4101f98a48bcaf94c7127ef51a386f29287356792c203d36c220751f39

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          367B

                                                                                                                          MD5

                                                                                                                          b7e8f3214172beeef08d10639d4e57ac

                                                                                                                          SHA1

                                                                                                                          29f26bc505209f7cdddf82498d5410100d9b53d1

                                                                                                                          SHA256

                                                                                                                          3e59f44d8a13c2b557763d7ce3c84dad2649e9fee898863e04c402714e746fc5

                                                                                                                          SHA512

                                                                                                                          b671670b6a465b94035c4136e032dbf2b10380cd44ede958a6ff562fcd4c0a3bf6451e8aa2f641e65c30519de6310d422c7acbaf12b86d03b0e8035feeabc8e7

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          77a2e939074c01fbb92c6f13e62aa6eb

                                                                                                                          SHA1

                                                                                                                          a09f18b12d7aefa07a19df8dbbd02a20e0c26507

                                                                                                                          SHA256

                                                                                                                          1b48f0b1a4f4e4277538ab5dc284b022c0ec915aa1a42e94deaddaf90b30f678

                                                                                                                          SHA512

                                                                                                                          c0ae3ffea972005d0812042875fa854ac97b0e84abb9f84670b83fb11c6db535d2ded05ae06fd9bad94cd94fd46b1e34d2fa6e4edd770b149fc9f6f3e6113f41

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          465821605f9516525ec299d29b591ce5

                                                                                                                          SHA1

                                                                                                                          093ebe2e81171bd860fe5df2b13d1a348e4bf7fc

                                                                                                                          SHA256

                                                                                                                          d6393e6ba07f8fcb54c39950218e6efa17f6bbb310e709f59795a2e1083f7871

                                                                                                                          SHA512

                                                                                                                          1c253930de40beeddf5f1222de80e2806a4fddfa8997344bc20cc0dc51a20363171920b03d29f2be592433c8d026abece1abb1a3cdddd676262dee289f6b1189

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589a09.TMP
                                                                                                                          Filesize

                                                                                                                          371B

                                                                                                                          MD5

                                                                                                                          bd20af7fd38c92ae4b2797e9aeb49b90

                                                                                                                          SHA1

                                                                                                                          d7aeaa18deab1287c3a50a60f0905480e9b87841

                                                                                                                          SHA256

                                                                                                                          a1019aacd284bbaf27315daf1013146f3ef4fe3f1b9afb80e2d0503c0a11704f

                                                                                                                          SHA512

                                                                                                                          029ce62367314904d50c49e5ff5082d115cd5cd6a30b3c1372952f3bd5c1535602cb353a72b3262f9aef7d6bd1c7360b76a6ed44da404d7c411679289ae6687e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                          Filesize

                                                                                                                          16B

                                                                                                                          MD5

                                                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                                                          SHA1

                                                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                          SHA256

                                                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                          SHA512

                                                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                          MD5

                                                                                                                          5c2bf1d0267efbbd67c857c28f1ab20c

                                                                                                                          SHA1

                                                                                                                          38f53d2263419c540f637dbcf597f449e682d12f

                                                                                                                          SHA256

                                                                                                                          853cb72ad50390a68c92ce2bb34cbdc5b0716dbdc72ecbb68e5bd497fd5d0421

                                                                                                                          SHA512

                                                                                                                          5e2503432eaa7d430ed4844f99ce7adcdaa1801935b6671b62c15e95467e8c7035f533c8ac9c503216491e7ebd6024d2ef1d72f6b4665e961eb530d2938f0d17

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                          Filesize

                                                                                                                          18KB

                                                                                                                          MD5

                                                                                                                          9143c704e50691873f71e6255025dcc7

                                                                                                                          SHA1

                                                                                                                          448e4d65dfb8c83b4eec14919ab8b34497dccb15

                                                                                                                          SHA256

                                                                                                                          2463951515944a9fafa65ae3e6bb1f1400c2c04672e6cc54a82601e12d0cb1a7

                                                                                                                          SHA512

                                                                                                                          7cf81de18313b14003d9a19bf7449244f2824375fdacd0478f5a3e841f13fc1fbdb9094ca67e44f3f6a105c03eab8e75d6805c1017734327f39fbdbb3e505c85

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nljhzpg2.vrt.ps1
                                                                                                                          Filesize

                                                                                                                          60B

                                                                                                                          MD5

                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                          SHA1

                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                          SHA256

                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                          SHA512

                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Graias\graias.exe
                                                                                                                          Filesize

                                                                                                                          962KB

                                                                                                                          MD5

                                                                                                                          4a9440baa61be8363a372b0bbc5933ad

                                                                                                                          SHA1

                                                                                                                          9aa5380dc87829c6fa22e9029cadcab9f6221ef9

                                                                                                                          SHA256

                                                                                                                          51c0bcbc40451c10e3b56df10853156378e8dbfb32ee63ea936737d42818822c

                                                                                                                          SHA512

                                                                                                                          648bd4434ce14e15c3faba25945525fffec6dad028e8fe26982d70096ccd448ca6e114e10739b1e990ea65970db97897713b8054450f1cd98c9aacb596436b0c

                                                                                                                          Download Submit

                                                                                                                        • memory/1120-17-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1120-96-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1120-12-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1120-14-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1120-11-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/1904-440-0x0000000000800000-0x00000000008F8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/2396-98-0x0000000004E70000-0x0000000004E84000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/3000-134-0x0000000000500000-0x00000000005F8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/3284-643-0x00000000010B0000-0x00000000011A8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/3480-148-0x000000006EF90000-0x000000006EFDC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/3480-141-0x0000000005510000-0x0000000005864000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/3480-147-0x0000000005E10000-0x0000000005E5C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/3480-158-0x0000000006DA0000-0x0000000006E43000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          652KB

                                                                                                                          Download

                                                                                                                        • memory/3480-159-0x0000000007300000-0x0000000007311000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          Download

                                                                                                                        • memory/3480-160-0x0000000007350000-0x0000000007364000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/4408-133-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-282-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-131-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-752-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-128-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-746-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-642-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-127-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-283-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-641-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-508-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-507-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-406-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4408-405-0x0000000000400000-0x000000000047F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          508KB

                                                                                                                          Download

                                                                                                                        • memory/4512-85-0x0000000006CA0000-0x0000000006CEC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4512-20-0x0000000074920000-0x00000000750D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4512-113-0x0000000007C60000-0x0000000007C7A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          104KB

                                                                                                                          Download

                                                                                                                        • memory/4512-111-0x0000000007940000-0x00000000079E3000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          652KB

                                                                                                                          Download

                                                                                                                        • memory/4512-100-0x000000006E5C0000-0x000000006E60C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4512-110-0x0000000006F10000-0x0000000006F2E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          120KB

                                                                                                                          Download

                                                                                                                        • memory/4512-99-0x0000000007900000-0x0000000007932000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          200KB

                                                                                                                          Download

                                                                                                                        • memory/4512-123-0x0000000074920000-0x00000000750D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4512-120-0x0000000007F80000-0x0000000007F88000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          32KB

                                                                                                                          Download

                                                                                                                        • memory/4512-114-0x0000000007CE0000-0x0000000007CEA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/4512-115-0x0000000007EE0000-0x0000000007F76000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          600KB

                                                                                                                          Download

                                                                                                                        • memory/4512-116-0x0000000007E60000-0x0000000007E71000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          Download

                                                                                                                        • memory/4512-84-0x0000000006940000-0x000000000695E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          120KB

                                                                                                                          Download

                                                                                                                        • memory/4512-83-0x00000000063A0000-0x00000000066F4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/4512-72-0x0000000005A10000-0x0000000005A76000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          408KB

                                                                                                                          Download

                                                                                                                        • memory/4512-73-0x0000000006330000-0x0000000006396000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          408KB

                                                                                                                          Download

                                                                                                                        • memory/4512-71-0x0000000005870000-0x0000000005892000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/4512-22-0x0000000074920000-0x00000000750D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4512-21-0x0000000005B90000-0x00000000061B8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/4512-112-0x00000000082B0000-0x000000000892A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.5MB

                                                                                                                          Download

                                                                                                                        • memory/4512-19-0x0000000003020000-0x0000000003056000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          216KB

                                                                                                                          Download

                                                                                                                        • memory/4512-18-0x000000007492E000-0x000000007492F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4512-119-0x0000000007FA0000-0x0000000007FBA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          104KB

                                                                                                                          Download

                                                                                                                        • memory/4512-118-0x0000000007EA0000-0x0000000007EB4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/4512-117-0x0000000007E90000-0x0000000007E9E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          56KB

                                                                                                                          Download

                                                                                                                        • memory/4864-5-0x0000000004B50000-0x0000000004B5A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/4864-9-0x0000000074920000-0x00000000750D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4864-7-0x0000000004E00000-0x0000000004E14000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/4864-6-0x0000000004E20000-0x0000000004EBC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          624KB

                                                                                                                          Download

                                                                                                                        • memory/4864-10-0x0000000005FD0000-0x0000000006094000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          784KB

                                                                                                                          Download

                                                                                                                        • memory/4864-97-0x0000000074920000-0x00000000750D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4864-8-0x000000007492E000-0x000000007492F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4864-4-0x0000000074920000-0x00000000750D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.7MB

                                                                                                                          Download

                                                                                                                        • memory/4864-1-0x0000000000050000-0x0000000000148000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/4864-2-0x00000000050A0000-0x0000000005644000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.6MB

                                                                                                                          Download

                                                                                                                        • memory/4864-3-0x0000000004B90000-0x0000000004C22000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          584KB

                                                                                                                          Download

                                                                                                                        • memory/4864-0-0x000000007492E000-0x000000007492F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/5420-345-0x00000000012E0000-0x00000000013D8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download

                                                                                                                        • memory/5540-747-0x0000000000C80000-0x0000000000D78000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          992KB

                                                                                                                          Download