Analysis Overview
SHA256
a06acba515844903c5d524ea8ac8b1ea0115b1cf5c6516eabb4ecdd51934183f
Threat Level: Known bad
The file 830736afc7f1332346e80048f5860b65.exe was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
Mystic
SectopRAT
RedLine payload
Detect Mystic stealer payload
SectopRAT payload
RedLine
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
AutoIT Executable
Suspicious use of SetThreadContext
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious use of UnmapMainImage
Checks SCSI registry key(s)
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 07:44
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 07:44
Reported
2023-11-11 07:47
Platform
win10v2004-20231020-en
Max time kernel
151s
Max time network
166s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Iy1QD50.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1E9A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6C5D.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2960 set thread context of 6824 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 8556 set thread context of 9092 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Iy1QD50.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe
"C:\Users\Admin\AppData\Local\Temp\830736afc7f1332346e80048f5860b65.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x104,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x78,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd02c646f8,0x7ffd02c64708,0x7ffd02c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8752578455962509612,9952218601297133046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8752578455962509612,9952218601297133046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13039252340032722116,11268856446948212776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13039252340032722116,11268856446948212776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,5932778800787539534,4015368651450567330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,5932778800787539534,4015368651450567330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6500845574762478510,16430497279136630632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6500845574762478510,16430497279136630632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,10207109538412506291,6378198790611738433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,10207109538412506291,6378198790611738433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,1089990788034583321,2183454933113581069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,1089990788034583321,2183454933113581069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,10414092632533785407,2318615342468317055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,10414092632533785407,2318615342468317055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,7102306089351498374,2543767994640806633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,7102306089351498374,2543767994640806633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3309776994582311449,9488468884026712451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3309776994582311449,9488468884026712451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6824 -ip 6824
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Iy1QD50.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Iy1QD50.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8920 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x248 0x308
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8640 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1E9A.exe
C:\Users\Admin\AppData\Local\Temp\1E9A.exe
C:\Users\Admin\AppData\Local\Temp\6C5D.exe
C:\Users\Admin\AppData\Local\Temp\6C5D.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,17863501996186864800,14138144929376511482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10664 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 18.210.178.3:443 | www.epicgames.com | tcp |
| US | 18.210.178.3:443 | www.epicgames.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.210.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.39.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 118.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 160.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| US | 194.49.94.72:80 | tcp | |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 44.214.245.214:443 | tracking.epicgames.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 190.92.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.245.214.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-hgn7yn7e.googlevideo.com | udp |
| FR | 74.125.11.134:443 | rr1---sn-hgn7yn7e.googlevideo.com | tcp |
| FR | 74.125.11.134:443 | rr1---sn-hgn7yn7e.googlevideo.com | tcp |
| FR | 74.125.11.134:443 | rr1---sn-hgn7yn7e.googlevideo.com | tcp |
| FR | 74.125.11.134:443 | rr1---sn-hgn7yn7e.googlevideo.com | tcp |
| NL | 142.251.39.118:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 134.11.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i3.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 74.125.11.134:443 | rr1---sn-hgn7yn7e.googlevideo.com | tcp |
| FR | 74.125.11.134:443 | rr1---sn-hgn7yn7e.googlevideo.com | tcp |
| US | 173.194.79.132:443 | yt3.ggpht.com | tcp |
| US | 173.194.79.132:443 | yt3.ggpht.com | tcp |
| US | 173.194.79.132:443 | yt3.ggpht.com | tcp |
| US | 173.194.79.132:443 | yt3.ggpht.com | tcp |
| GB | 216.58.208.110:443 | i3.ytimg.com | tcp |
| US | 173.194.79.132:443 | yt3.ggpht.com | tcp |
| US | 173.194.79.132:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 132.79.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 172.217.168.202:443 | jnn-pa.googleapis.com | tcp |
| NL | 172.217.168.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| NL | 194.169.175.118:80 | 194.169.175.118 | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | 118.175.169.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hneknee.googlevideo.com | udp |
| NL | 74.125.8.70:443 | rr1---sn-5hneknee.googlevideo.com | tcp |
| NL | 74.125.8.70:443 | rr1---sn-5hneknee.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 70.8.125.74.in-addr.arpa | udp |
| NL | 74.125.8.70:443 | rr1---sn-5hneknee.googlevideo.com | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| NL | 142.251.39.118:443 | i.ytimg.com | udp |
| RU | 5.42.65.80:80 | 5.42.65.80 | tcp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 176.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| NL | 172.217.168.227:443 | www.recaptcha.net | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe
| MD5 | b1967fc8f24aecad32d1add6c63db103 |
| SHA1 | 365d3b3a244658d4050fa3118a97e186132ae441 |
| SHA256 | 85de37fd1d0dde8dcf2cbc8d185ece3d4cb82f6057e1fc7a3b22ecc3a58bc639 |
| SHA512 | fe213d35682da87024a98f6ec52f347258fc74a9d2dcc63fbc436b8f742f10499d9059abb9aa2092ab497d197aae43068000cc33567a267d8394c96e8731247d |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ru6iV27.exe
| MD5 | b1967fc8f24aecad32d1add6c63db103 |
| SHA1 | 365d3b3a244658d4050fa3118a97e186132ae441 |
| SHA256 | 85de37fd1d0dde8dcf2cbc8d185ece3d4cb82f6057e1fc7a3b22ecc3a58bc639 |
| SHA512 | fe213d35682da87024a98f6ec52f347258fc74a9d2dcc63fbc436b8f742f10499d9059abb9aa2092ab497d197aae43068000cc33567a267d8394c96e8731247d |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe
| MD5 | 57e7c6bdd78608ccecb9fe7819bd211a |
| SHA1 | e34764b51f66fd3b12fb06d38760946b3dab29ef |
| SHA256 | d2fa34bd3e4cdfc50227dd78a26898466083e94047f03a12fc73fed874f04527 |
| SHA512 | 08358ac4b1843c5837eebe13bf2d02a321dcc5685c80ecc6b0ed54771a87c7c7277eac0546bfe21980156f530ff2098bd111e683a3994e833892d0cd83d0e89f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TE3Ts39.exe
| MD5 | 57e7c6bdd78608ccecb9fe7819bd211a |
| SHA1 | e34764b51f66fd3b12fb06d38760946b3dab29ef |
| SHA256 | d2fa34bd3e4cdfc50227dd78a26898466083e94047f03a12fc73fed874f04527 |
| SHA512 | 08358ac4b1843c5837eebe13bf2d02a321dcc5685c80ecc6b0ed54771a87c7c7277eac0546bfe21980156f530ff2098bd111e683a3994e833892d0cd83d0e89f |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe
| MD5 | 6a7153447add5af84373f60c29e49e06 |
| SHA1 | a3d3bfafb6c28baf98da0538a9683656f27d218a |
| SHA256 | 169fe6f8367438cffebcc67b309734d76416f4c548a570713e330764e4ebdd8b |
| SHA512 | ca7ee452d180429d8a9ca38ed367d2b94e3ee33ac5e98cb0253d88b1ce7c3eadbf640c161b68854e534813c424a02367b0ded4666f9b5891109184eaed176d06 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1QS14Cj3.exe
| MD5 | 6a7153447add5af84373f60c29e49e06 |
| SHA1 | a3d3bfafb6c28baf98da0538a9683656f27d218a |
| SHA256 | 169fe6f8367438cffebcc67b309734d76416f4c548a570713e330764e4ebdd8b |
| SHA512 | ca7ee452d180429d8a9ca38ed367d2b94e3ee33ac5e98cb0253d88b1ce7c3eadbf640c161b68854e534813c424a02367b0ded4666f9b5891109184eaed176d06 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe
| MD5 | edf6d38652bd6de386e305a27dfee5c9 |
| SHA1 | 2ccc25909c5c14539a98d257fec1cf6fed8bf775 |
| SHA256 | 23d15502688bb01c2a2153dbe88e927e48f1c45478270b170955c88b1de606e2 |
| SHA512 | a6f688905b8c0cd8565b4758ca6b14c6cc2bdaf1cabd8fc1dedbfb69becfd656bf332ff63a8bbf2a9b4c1f4efccebf324d4e4927b57daf79cfc1bfe783b62333 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Kv3026.exe
| MD5 | edf6d38652bd6de386e305a27dfee5c9 |
| SHA1 | 2ccc25909c5c14539a98d257fec1cf6fed8bf775 |
| SHA256 | 23d15502688bb01c2a2153dbe88e927e48f1c45478270b170955c88b1de606e2 |
| SHA512 | a6f688905b8c0cd8565b4758ca6b14c6cc2bdaf1cabd8fc1dedbfb69becfd656bf332ff63a8bbf2a9b4c1f4efccebf324d4e4927b57daf79cfc1bfe783b62333 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_2540_YCDRAYZMKSDOTYJU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1760_GJIBXMDICBXVGZPF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_3868_KHYVLJTDEUUNJGXE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4156_PFMNMICZTIZNPDZR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2728_RHAPJXXUKFZTTCWX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_3624_ORVGUALCYTHOHFQF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1816_SNVBJVVHNLSODFSF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_1976_KZBHDNQTJPUMXCXI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2232_SZIPNMRXIDYKWGZR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_960_MMOPYRXAUHLAFYHW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/6824-139-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5869495037910cfe452b51fee391849d |
| SHA1 | 69f878f0a989aa0614c8aeb8ce99bd73cfde2305 |
| SHA256 | d2fe85e57748ed7dc157e8009855809ef73a33b90a59efdc4cd9dc918e41d673 |
| SHA512 | ba99e731e6b688922813068aae973e2484c498bc8249ee17d337a1e2fe4055adb47360c4a7fa1aec9476d5e027e4f8ef7082b44c5be2d093680d503ce713375c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 025179e29b86a7cf2371b443da25fd15 |
| SHA1 | 98a3432db635f3b437ef203ed100c1beec26adf4 |
| SHA256 | 2ee1f9cda76dcb04db15e2fdbf14cb2433a1e52f4ea7ea6801670d1e197c97bd |
| SHA512 | 4ee95b9b1823164f7d4219407d03a0f66c0ad18b5a2f938981617c723a6ec36922cc08e6aae9b578ca4dac1ff7c4cfa2a0bcb70997bb91f0772b88de2e65ea0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 295822104ae459c5edebbfc73719a377 |
| SHA1 | 9242bb5b83db9622dcfc42f92fce5a5b6d0c34e1 |
| SHA256 | fa0a09996c3b3a87871efdeca7d3c0026264f4f9b56b084f0f61f73b2220fc08 |
| SHA512 | 692bb3e10d0c4d12ec5ad2f10a82486955e8d52ab70f3d422ffe822025011917e94439f5db51b2c0a6b70e046559f8a30780f1214bc7977af09818a3e1159734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1e108a0dc3863822be11237595cf4037 |
| SHA1 | 8596aca65cb956b39ab46e8f00de55be07e40f1b |
| SHA256 | 973015cf674854ab59e5e4afba6a2cbe305563dbeab4430c5b36bcee16806666 |
| SHA512 | afe1af4a020bffcf7af624793a9c3016f2ec98c24f254bc632dc998d3537281731f295fe619ca99fd14c7ddb2720032015bd7a91aa8d13c13bfd6f7261b6e3a3 |
memory/6824-184-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e66d2139-32bb-4991-961a-70498ee1d1ba.tmp
| MD5 | 485511d232de28c3fa4386e1ef9d900e |
| SHA1 | e073bf5f441bf3aafd9158dc29a88a5ed67d73a4 |
| SHA256 | 041d90f10071b4df156962f57bfe323def5c42cef312914933acd62406bc3289 |
| SHA512 | f50de2d0965510568396c82b4b705517dcfba837eabff08fd7ffab4af127382959ef3fe86fa851efae92febc52742ccd62f8daa251097ed26d2879639d29b46d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1e108a0dc3863822be11237595cf4037 |
| SHA1 | 8596aca65cb956b39ab46e8f00de55be07e40f1b |
| SHA256 | 973015cf674854ab59e5e4afba6a2cbe305563dbeab4430c5b36bcee16806666 |
| SHA512 | afe1af4a020bffcf7af624793a9c3016f2ec98c24f254bc632dc998d3537281731f295fe619ca99fd14c7ddb2720032015bd7a91aa8d13c13bfd6f7261b6e3a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a4ca5b99553a0eff1cfa826a861f6991 |
| SHA1 | eb0ab12140726b1802be91f41b02d76b2804b905 |
| SHA256 | 869e2908203992c3ba3a48d369fb5b512a23191482adba54bbb012062800b33d |
| SHA512 | c309d51e4b3f2a414c841e8f35e7948e98cc5a6bb1c541fd9d0513ab24c13ae41b2d1d147d59eb99382a14a0c171e786b71ab961c3510e969671f42f98db7db5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64e1273d3b55a73584e375b636e0829a |
| SHA1 | 01291c23f36c0f0e5749942ef7bc85743514fd34 |
| SHA256 | 2bab07a40feb995576a31b28980e7dc4aab36f842c08c713dfcda0bc2a744dd8 |
| SHA512 | 51fb167b22f7fd6187f6e5af4f91e5202f0e0f50632dea809a3418d83170fd96d5c35bd80fbd54417039e2c3a5a4070eacd23811339db0e500a81ae5841c2c29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64e1273d3b55a73584e375b636e0829a |
| SHA1 | 01291c23f36c0f0e5749942ef7bc85743514fd34 |
| SHA256 | 2bab07a40feb995576a31b28980e7dc4aab36f842c08c713dfcda0bc2a744dd8 |
| SHA512 | 51fb167b22f7fd6187f6e5af4f91e5202f0e0f50632dea809a3418d83170fd96d5c35bd80fbd54417039e2c3a5a4070eacd23811339db0e500a81ae5841c2c29 |
memory/6824-207-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\58899338-096b-4657-9908-ebf54563b859.tmp
| MD5 | c46d023888c6a225d9821e384f8bc1de |
| SHA1 | 233d907bbd863949a804664a4431155d46752c62 |
| SHA256 | bfecfaad338feedb080d5c71aa3747c2e6f1020c4fb22deef459650b01e0d523 |
| SHA512 | 46e910dbca645315200a469e9093fcffa9a218e2fb013eaec9527456fa60f7672575a485a211182bc3bc964a4e241d1d17f090c943dec230e694e82c52d06109 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a0da233d83b39ef9226f4df19ae02cee |
| SHA1 | 71b1bcf244e132fd3d34087e8fd1c6f90a5ad965 |
| SHA256 | 216c66cefff4e960612a01bc135b5f00a6f3f3dd2f463e791de91ca71fc4c73f |
| SHA512 | 91d6ecbee9b68619d0e9138c57acb66f08c8c6e5af655b35c37181276f14352fe4f17543bb4d24003b48fc959d8dd3fc8020ffa1f501fcca2c58d4acff39c082 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a0da233d83b39ef9226f4df19ae02cee |
| SHA1 | 71b1bcf244e132fd3d34087e8fd1c6f90a5ad965 |
| SHA256 | 216c66cefff4e960612a01bc135b5f00a6f3f3dd2f463e791de91ca71fc4c73f |
| SHA512 | 91d6ecbee9b68619d0e9138c57acb66f08c8c6e5af655b35c37181276f14352fe4f17543bb4d24003b48fc959d8dd3fc8020ffa1f501fcca2c58d4acff39c082 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 485511d232de28c3fa4386e1ef9d900e |
| SHA1 | e073bf5f441bf3aafd9158dc29a88a5ed67d73a4 |
| SHA256 | 041d90f10071b4df156962f57bfe323def5c42cef312914933acd62406bc3289 |
| SHA512 | f50de2d0965510568396c82b4b705517dcfba837eabff08fd7ffab4af127382959ef3fe86fa851efae92febc52742ccd62f8daa251097ed26d2879639d29b46d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 295822104ae459c5edebbfc73719a377 |
| SHA1 | 9242bb5b83db9622dcfc42f92fce5a5b6d0c34e1 |
| SHA256 | fa0a09996c3b3a87871efdeca7d3c0026264f4f9b56b084f0f61f73b2220fc08 |
| SHA512 | 692bb3e10d0c4d12ec5ad2f10a82486955e8d52ab70f3d422ffe822025011917e94439f5db51b2c0a6b70e046559f8a30780f1214bc7977af09818a3e1159734 |
memory/6824-178-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a4ca5b99553a0eff1cfa826a861f6991 |
| SHA1 | eb0ab12140726b1802be91f41b02d76b2804b905 |
| SHA256 | 869e2908203992c3ba3a48d369fb5b512a23191482adba54bbb012062800b33d |
| SHA512 | c309d51e4b3f2a414c841e8f35e7948e98cc5a6bb1c541fd9d0513ab24c13ae41b2d1d147d59eb99382a14a0c171e786b71ab961c3510e969671f42f98db7db5 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe
| MD5 | b938034561ab089d7047093d46deea8f |
| SHA1 | d778c32cc46be09b107fa47cf3505ba5b748853d |
| SHA256 | 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161 |
| SHA512 | 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b |
memory/7908-215-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3IP80DK.exe
| MD5 | b938034561ab089d7047093d46deea8f |
| SHA1 | d778c32cc46be09b107fa47cf3505ba5b748853d |
| SHA256 | 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161 |
| SHA512 | 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5869495037910cfe452b51fee391849d |
| SHA1 | 69f878f0a989aa0614c8aeb8ce99bd73cfde2305 |
| SHA256 | d2fe85e57748ed7dc157e8009855809ef73a33b90a59efdc4cd9dc918e41d673 |
| SHA512 | ba99e731e6b688922813068aae973e2484c498bc8249ee17d337a1e2fe4055adb47360c4a7fa1aec9476d5e027e4f8ef7082b44c5be2d093680d503ce713375c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 025179e29b86a7cf2371b443da25fd15 |
| SHA1 | 98a3432db635f3b437ef203ed100c1beec26adf4 |
| SHA256 | 2ee1f9cda76dcb04db15e2fdbf14cb2433a1e52f4ea7ea6801670d1e197c97bd |
| SHA512 | 4ee95b9b1823164f7d4219407d03a0f66c0ad18b5a2f938981617c723a6ec36922cc08e6aae9b578ca4dac1ff7c4cfa2a0bcb70997bb91f0772b88de2e65ea0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 438ba6e1e693712de157070cd1a1fa47 |
| SHA1 | 7aebc27f66d09fd84c91f9aa6ee7f828e8047fcc |
| SHA256 | e37aa726b954d38d5dd4c75eab83f54a24eaa9ea66cfc1b8c3f87f7827018785 |
| SHA512 | 757644965dca20848a7300470657f06aef903500f8871335830ad99c5e0f792a26dadfbf2ec862a632ce01b51bc9666df848d6e0f9c1b1be122b471ff195e075 |
memory/3272-318-0x00000000082C0000-0x00000000082D6000-memory.dmp
memory/7908-320-0x0000000000400000-0x000000000040B000-memory.dmp
memory/9092-365-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fd623c7a07ba0b1a4ef7836c7dc1e02f |
| SHA1 | 692de71e7923ce23f787dc2183e00b9f9d6016c6 |
| SHA256 | 729d515c1d4e74bca572786f88bc696e9649795c82d005fb81e21718e9ec31ee |
| SHA512 | b65e727494eabef445ec57c9487fba6da06391a6f293c612fae3cfd7ce0fc41ab7cdf1ddebfb4fe7bb10a04ec8d0d36ad69e3f6ba697bbea4065ce6bcf7626bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c169d91043a8c04f9da103182fb51896 |
| SHA1 | 7e60cdd3c2641efab8d97fb088d4a081b6df1baa |
| SHA256 | 1d1c221728e9214c08b81e0d561d9191bac02f4fc0ec8c414f3c2dac38fda088 |
| SHA512 | c4d969a84fcb488dfe0e8027ae7c1b2db422c7702e36f5a22add6f460fa6748af08c24ea704a5feb98fbd9b9db1e4c70d2a3a1bf7794b57e49179e6f0548d934 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e8521f75ebc7cf2510fc37c9d0964ce2 |
| SHA1 | cfee89b0ce473f15545e6c1eb12e3c2acca7b6c8 |
| SHA256 | 8e84dda60e926e5527ea2963bfc67e8d103286e49caebb74996a02f6fc3789ba |
| SHA512 | 4b093bb54eec46c9fc529d4d5f6f2e7a7cddba9405b07580d4ba50e956e841986d21b0894eb6846f0d97172cafb69844882832ec573e1725d4398bf2f68c4092 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1c706d53e85fb5321a8396d197051531 |
| SHA1 | 0d92aa8524fb1d47e7ee5d614e58a398c06141a4 |
| SHA256 | 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932 |
| SHA512 | d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0d35ff61f28e9f118af385cac90e244e |
| SHA1 | 4bbc92795fdf1c616874ec51fa38d325f0eb97c8 |
| SHA256 | d11e2befd032cee1a34fbbc6db029e1c7a70df8b6e562e563d5b9930e6557980 |
| SHA512 | fddd9d676f9cff0c3b5efaf0ebc854b3797fd52943e4306fffadd77e55b808de54b586309e086fa2bc7fee6325ca9844d75f26328991275f84b2be851e8229aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 601e9e23f44ee94105f1050db56da17a |
| SHA1 | 10a993e4b8a544aebfdf2e479467bece05b01afe |
| SHA256 | 6ffd27cbc16ff1c05fe17c2532f583c4721870c34a133b05555306311cbbb01a |
| SHA512 | b613f56fa1d9d6cef995262bf254df91819181439e838edf08c7b925fd41a27966d4c61360b8e4611d03992199055fa3f37c500add3d0efd044424a29c75668b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0893c1468aadfef67889200203d373c9 |
| SHA1 | 440da33589d919d6200bc8bcc0c121ae05b6ec66 |
| SHA256 | 070d0f1e09eb66999db9d127fe94583981d3d51f3afce32ad0a529269ff0cc3c |
| SHA512 | 1bb8fcad0ac6c6b878c90446082085e00599d8f1409e9ed934d507e0d47cf5cb351987e5ea7708e1e7db595eb811cf4ce7073fb97da72f24f1bb94315e02efae |
memory/9092-513-0x0000000074050000-0x0000000074800000-memory.dmp
memory/9092-516-0x0000000007990000-0x0000000007F34000-memory.dmp
memory/9092-517-0x0000000007480000-0x0000000007512000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
memory/9092-542-0x0000000007600000-0x0000000007610000-memory.dmp
memory/9092-589-0x0000000007460000-0x000000000746A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/9092-656-0x0000000008560000-0x0000000008B78000-memory.dmp
memory/9092-741-0x0000000074050000-0x0000000074800000-memory.dmp
memory/9092-746-0x0000000007600000-0x0000000007610000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | e8203b4c444248d1f74e0aae8fa0404d |
| SHA1 | 8d1830862545ebd6bc25a948d4863ada854c7c3b |
| SHA256 | 41d0ae2ffb1450281c2febce4e17ff4592b04c28cc337bef3206bb071bdf8542 |
| SHA512 | c507c333248f61ad13070e708c1518361e604cb262cd1f32952141df1405c96ac91ed0e7a37919189d7d771220bb3b6ab6db8584bd80f6d88a55ffb852787837 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593649.TMP
| MD5 | 2afd36438d3c63f4f2b7725eca523ce2 |
| SHA1 | 2816a27bf3bf9db73cec31dce250cb874a84cce2 |
| SHA256 | 9ce35b53c7a1178fcfef27129343edaf12101e6a1957f5507d806a2f437a4d7d |
| SHA512 | 35fccf95a684e3f55f92898e2905466a04aee45ab3a50a1586136bbc2e8bee80bdffa6ef1ea419ef6bd659f67af9dad1f79f1c834ad57c50b38686154f72c4ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593639.TMP
| MD5 | 1a1638ad0c55919ac63b4eaa5ac844e2 |
| SHA1 | cadbb7d4bef002185959a4860f3f9452a3ed646b |
| SHA256 | dd03c8c0e7e168663b5e29235e58623e0e3ecdc00204468f320a0006d6464a8c |
| SHA512 | 223f0b49e876a38cfb5961ca557b18fe15491b98a4ff56b581df2301ab7b0b9befc523f12316d4b5265a37f9d5932eb98677c716f586b668dfa30ad046e4a12b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | afe5ec4594ed7bd66c7d019b0ba52089 |
| SHA1 | 967a43ba7e24502905a7cd09182b7590cce66e30 |
| SHA256 | d934bb940566cdda4a56469f42c27ee69b271dda238e9a352d07ff5d54059c7d |
| SHA512 | 66857cf0038e67afc23161976702bb962a03d9e3145e14b54d8115f3875c3d6b25cfd3a179bac737863245fc36298e8d43a0c42b81dc8f840d08e8a9caef4727 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e2f2c77c7693d7d5eecffabbd473e59c |
| SHA1 | bc087d1d41c650bf43e895c9b5d3a4b728a67526 |
| SHA256 | 2fcdcb8182272a13ad63a99eda2cf2c602f466dd6d9a01e1e45aa434363d9a6e |
| SHA512 | c8c36453055f445af918297ce04c230980903761365350644d2b35cd2f28aa3160ef41c6f97612d50590be78dad6fd0431bb29b50df2807ff2393959daeee8bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d25d2fd81645bb287c60da11a0b86f7 |
| SHA1 | 0b0cae3b805323a68997c12add530a3e054ba3c0 |
| SHA256 | b6775ca810c720901a6be067305406473e45117afb66218e9bb5a2e44b700b65 |
| SHA512 | d30a7188df07fa9d20aa833d9eba4080de976dc1d9259ce88e51b33edc3c9d43d0d49cef03ed254761bd61ee81fdf771e8275c58817ca7a09400ed1dc4b515a2 |
memory/1848-783-0x0000000000400000-0x000000000046F000-memory.dmp
memory/1848-786-0x0000000000540000-0x000000000059A000-memory.dmp
memory/1848-807-0x0000000074050000-0x0000000074800000-memory.dmp
memory/1808-809-0x0000000000BB0000-0x0000000000BCE000-memory.dmp
memory/1808-818-0x0000000074050000-0x0000000074800000-memory.dmp
memory/1848-820-0x0000000007580000-0x0000000007590000-memory.dmp
memory/9092-824-0x0000000008050000-0x000000000815A000-memory.dmp
memory/1848-829-0x0000000007D90000-0x0000000007DA2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 21b43fa82f2c7d6d9cbd4e3b2854d2b2 |
| SHA1 | d9cc875b10310ee4599dd3ae5d30919a9ca1e132 |
| SHA256 | e57e18c6a759e66faa187ac2d4510af3c1c68b80d9d359f94e32cdfd3c3a90fa |
| SHA512 | 4d56b65d890923d944f85e646c7794e563b7ae6ca2e2796b24ec7eef5a8ad7e82b513f797387fe820bcbc0327677abb73ba412fa6214e5838cf4cb80f9f33b3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/1808-862-0x0000000005460000-0x000000000549C000-memory.dmp
memory/1808-908-0x0000000002C70000-0x0000000002C80000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 250fd17aa2dae087903efbed81d81773 |
| SHA1 | 373339be1078b08ebe487d3b7fe5100911e83c78 |
| SHA256 | 7818850c1abd265cead1e4461e0370977f3c32927fb094c478125b698077fb38 |
| SHA512 | d9ce13765700bd7f3aea1841b8278af7bfb6000170d495e947d56122cc5c692a69abaed137d6efaf391e54f0f57ca38b7e1dc6f5cb1e53823e4233e883cf6622 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 288efead27967b85c978069521438ff2 |
| SHA1 | e518b6156c1e0f529701ba2fbbaa16f39d760880 |
| SHA256 | a70f73bf7304bcd34f78b9b30acbf8885d924448dbadc40cf865164d20ed1459 |
| SHA512 | 562032abc99283b45409b99ac171fc3987de12076bfe009b07eba1d52cb043765a6af55db1cfb9bc78cd8fab5d5302fec6650a1945636dae5159b6455574e8ee |
memory/1848-975-0x0000000007F40000-0x0000000007F8C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a307fae9e489d6255ad9e3f733539064 |
| SHA1 | c6eb6064affa4bc96259164e238dc05ee6c709f3 |
| SHA256 | 0d8ee93084ec0b78fde8cca46d33537b1e4ecad5de6eacb5e22fb09862a777ea |
| SHA512 | d1c2a4d4e89efb5e1b455aa7eac2f4b3908f4e5771f4b5b406285b22870adf7a43e6b8e305ad1d2998f39eb5da35786338e059c2c0fa958bf4381a0ff09a327a |
memory/1848-1001-0x0000000074050000-0x0000000074800000-memory.dmp
memory/1808-1002-0x0000000074050000-0x0000000074800000-memory.dmp
memory/1848-1003-0x0000000007580000-0x0000000007590000-memory.dmp
memory/1808-1004-0x0000000002C70000-0x0000000002C80000-memory.dmp