crimsonrat | b6e0e05dfc876baa96c0e6b1b9de9dd7a16ed070106f53fa1daf26e10ed07040

Analysis

max time kernel
1169s
max time network
1181s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20-02-2024 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ggpermV3/LAUNCHTHIS.exe
Size

62KB
MD5

eac37455baace3357722d2bc5cf40be9
SHA1

bfbb2b0f876a0784e5a0d78b7981b27254c0a766
SHA256

e333b29fa06d2138c9a4c634fde1fe4212bd2a027c0175008001c8af60d34053
SHA512

78065623e0bafa450e49c91b700da3a31536033d005a6d20126cc886bc1075788a4e5d5f7b689b47c4eea01f58f797e696f06038dd967b6143d07204048ad067
SSDEEP

1536:eh4f8xsBb7KAMFYieXfRc/onjx6FXs+ceAP5w:bBbnRJfROqwFcZbP5w

Score

10^/10

crimsonrat rat

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 4 IoCs

Processes:

resource	yara_rule
behavioral3/files/0x000100000002a8bc-639.dat	family_crimsonrat
behavioral3/files/0x000100000002a8bc-647.dat	family_crimsonrat
behavioral3/files/0x000100000002a8bc-646.dat	family_crimsonrat
behavioral3/files/0x000100000002a8bc-676.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Downloads MZ/PE file

Drops file in Drivers directory 1 IoCs

Processes:

rkill64.exe

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	rkill64.exe

Executes dropped EXE 6 IoCs

Processes:

CrimsonRAT.exedlrarhsiva.exeCrimsonRAT.exedlrarhsiva.exerkill.exerkill64.exe

pid	Process
5044	CrimsonRAT.exe
1092	dlrarhsiva.exe
1016	CrimsonRAT.exe
4728	dlrarhsiva.exe
432	rkill.exe
5328	rkill64.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

Processes:

flow	ioc
13	raw.githubusercontent.com
15	raw.githubusercontent.com
96	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
43	api.ipify.org
2	api.ipify.org

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3513082673-3003704585-445662156-1000\{75AF3BAF-C27F-4121-A9EC-160B41DE64EE}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3513082673-3003704585-445662156-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

NTFS ADS 4 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 125836.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 745283.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\rkill.exe:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

Processes:

Notepad.exe

pid	Process
5152	Notepad.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exerkill64.exe

pid	Process
3212	msedge.exe
3212	msedge.exe
4168	msedge.exe
4168	msedge.exe
952	identity_helper.exe
952	identity_helper.exe
1684	msedge.exe
1684	msedge.exe
3544	msedge.exe
3544	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
3164	msedge.exe
3164	msedge.exe
2856	msedge.exe
4820	msedge.exe
4820	msedge.exe
5328	rkill64.exe
5328	rkill64.exe
5328	rkill64.exe
5328	rkill64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

Processes:

msedge.exe

pid	Process
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

rkill.exerkill64.exe

description	pid	Process
Token: SeDebugPrivilege	432	rkill.exe
Token: SeDebugPrivilege	5328	rkill64.exe

Suspicious use of FindShellTrayWindow 45 IoCs

Processes:

msedge.exe

pid	Process
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	Process
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

rkill.exerkill64.exe

pid	Process
432	rkill.exe
5328	rkill64.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

LAUNCHTHIS.exemsedge.exe

description	pid	Process	procid_target
PID 4320 wrote to memory of 4168	4320	LAUNCHTHIS.exe	81
PID 4320 wrote to memory of 4168	4320	LAUNCHTHIS.exe	81
PID 4168 wrote to memory of 1568	4168	msedge.exe	82
PID 4168 wrote to memory of 1568	4168	msedge.exe	82
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 1220	4168	msedge.exe	83
PID 4168 wrote to memory of 3212	4168	msedge.exe	84
PID 4168 wrote to memory of 3212	4168	msedge.exe	84
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85
PID 4168 wrote to memory of 1516	4168	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\ggpermV3\LAUNCHTHIS.exe
"C:\Users\Admin\AppData\Local\Temp\ggpermV3\LAUNCHTHIS.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-target.net/1050798/ggpermv3-key-step-3
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff8f3dc3cb8,0x7ff8f3dc3cc8,0x7ff8f3dc3cd8
    3⤵
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
    3⤵
    PID:1220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:2524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
    3⤵
    PID:4984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
    3⤵
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
    3⤵
    PID:4720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
    3⤵
    PID:1864
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
    3⤵
    PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
    3⤵
    PID:128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
    3⤵
    PID:996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
    3⤵
    PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
    3⤵
    PID:2536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4740 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
    3⤵
    PID:1116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
    3⤵
    PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
    3⤵
    PID:4776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
    3⤵
    PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6940 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7340 /prefetch:8
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
    3⤵
    PID:3056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
    3⤵
    PID:1724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
    3⤵
    PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
    3⤵
    PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
    3⤵
    PID:1876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
    3⤵
    PID:1588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
    3⤵
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
    3⤵
    PID:5244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
    3⤵
    PID:5252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
    3⤵
    PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1
    3⤵
    PID:5840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
    3⤵
    PID:5860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
    3⤵
    PID:1796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
    3⤵
    PID:5448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
    3⤵
    PID:2824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
    3⤵
    PID:5536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9676 /prefetch:1
    3⤵
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
    3⤵
    PID:4744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
    3⤵
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10168 /prefetch:8
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10272 /prefetch:1
    3⤵
    PID:1612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
    3⤵
    PID:6032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1
    3⤵
    PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=10476 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=10640 /prefetch:8
    3⤵
    PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,373231060707629398,2983988591794442160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10256 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:4820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1104

C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
1⤵
- Executes dropped EXE
PID:5044
- C:\ProgramData\Hdlharas\dlrarhsiva.exe
  "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
  2⤵
  - Executes dropped EXE
  PID:1092

C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
1⤵
- Executes dropped EXE
PID:1016
- C:\ProgramData\Hdlharas\dlrarhsiva.exe
  "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
  2⤵
  - Executes dropped EXE
  PID:4728

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C4
1⤵
PID:2988

C:\Users\Admin\Downloads\rkill.exe
"C:\Users\Admin\Downloads\rkill.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:432
- C:\Users\Admin\Downloads\rkill64.exe
  C:\Users\Admin\Downloads\rkill.exe
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5328
- - C:\Windows\System32\Notepad.exe
    Notepad.exe C:\Users\Admin\Desktop\Rkill.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:5152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
2.1MB

MD5
c6ea1fc655eb800c95b3cdaed7a443dd

SHA1
9bf2bb7aade18d5c927ebe652f8a360d9c51b0c8

SHA256
f724631aaa677691e208b209d03d817fddb70d10d5467615db66e60976448c12

SHA512
edfcd22a5ece72a6c2027c5852b70692838790305bdcaa00cbc5b19143d009a9a5cbc181dba17366e74c787fdf869f8cd8147c86d9233d902f4d241d71e391d9

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
1.1MB

MD5
b4b5f1b28d01a57a687e29bf75e1ec62

SHA1
2cbe724d67a1fb6570e8af4953c08c443f9c25b5

SHA256
10661a56c92eeb0f81abcd909654d3468470bdc8d05823f1bff02b4a1c2e0dca

SHA512
1c04f5495d9e5cfbc6486db9ebba8ecb80487ed0f6fe16f2ca7398717748e83aa3903f47cc5e8fa64d5999f59c1248213b109fbcfbc7ef21d7eca460c9dac015

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
2.5MB

MD5
6610a63cf629562556a62ea2255ec3aa

SHA1
2f19f54c88c579594161c6462806499cff45c054

SHA256
b24423d157897b2cbffe2ac0f545e7f937434228c93dd8c2e20eaff70899c244

SHA512
2c01e1dcd83e5f6b29c0c8b34cc62778f667d3611fd578ed660edf38f521243fa07281146f2e5257cb1e54d769a9be7c31a39bb05c721a1e8060caed3069d2d0

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
2.4MB

MD5
01ef20b7dcc1d27d0ecc57c5a64ab59e

SHA1
cf7dfe67f635662088186d40d73e03e477327c30

SHA256
99804f3f2386e785241de8bcb617ce60080da3e93859a1d643c2c9d52a4c9c8c

SHA512
59dc5df76eac165f850aeb4cd22294d316f644e6cc17c6a8493974a86988ecb839b384cd514e6aa3fb1c4a2521e7773510573a3a49ada42b3e2e65bb6bd10733

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CrimsonRAT.exe.log

Filesize
1KB

MD5
8e0f23092b7a620dc2f45b4a9a596029

SHA1
58cc7c47602c73529e91ff9db3c74ff05459e4ea

SHA256
58b9918225aee046894cb3c6263687bfe4b5a5b8dff7196d72687d0f3f735034

SHA512
be458f811ad6a1f6b320e8d3e68e71062a8de686bae77c400d65091947b805c95024f3f1837e088cf5ecac5388d36f354285a6b57f91ea55567f19706128a043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53b9b1800c90e0f055e0daabb68cc97e

SHA1
beb76399e32e4ca5c634228e2d4001e197249cf0

SHA256
edac0665854b4e7aa3f2b866e6172c71b2e1c6a169a2a04cf1e74102ee9c0e5e

SHA512
87d516b7ae594902b2544e13c6224760e1ec40d676a2f699da3242b5d3a9eb962dc7b3ca7e2a3eed1dac5375cc6fd8379dfe47d127fd3c18a653a05a8f67c31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
37KB

MD5
20205d3da86be5f5aae99b10dc10d267

SHA1
276cfdb7b317e4478005caa11f5ddd874921a19a

SHA256
2b777a626ff9bcea70473e7ede8a27f3c33733fdb62f9c7b920a878f75ec2592

SHA512
c6fab2e3045e5400d6e49d14c98d23d4fec5a15329423bfcc58b030e97c80ff8796f535c48e69a3630238b6a8541133fd8c0fb7539c56e8d4a954a668921bcf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
29KB

MD5
df217f862f4073ce4585999df73a53fd

SHA1
8f39eb965e90eee20c2e94f547acf0db9aec24ae

SHA256
dfc2a82c870fd4c1a5b67929c316aebf1bfe0e8fdb90d64158a111feeae9c0e3

SHA512
f52da493abb8eeae24642e958cfa6ecf50101cdb0038ca7b952a19f0df0531e44828e4d2b9e365fd08a73a3f78009fd76af37a1ae58b8ec526720356c2767738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
20KB

MD5
4c0caa5c9cdb8517ac8f2e7ddb723953

SHA1
2a8b63065f03cbda6b0ddc4bb828df835eaccf9d

SHA256
977ae67b75c36dd0c5d8f18d503901c835fa095db1d0bcced3753674042236e1

SHA512
ba274133e4d1378de1a1840c4020e56bff6eb90b5779f1a7c63d55b8cb243b5218a4f43157cc5268ad78ff500c743136ceb3a07ed6db96bafa73141afdadff03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
92KB

MD5
87f81f9b95356a38baf541df907d5802

SHA1
c1e42d0be13572ade9e210d2388e6de825a53409

SHA256
d5ce6bbd894a58c6e09589246986ec09bf4e2cbea3ced876df815e0b8f52c07a

SHA512
ffa2d92951e5473453602346ce6cb9e9e7638d579a28879e381c959b5e6ff38cf591eff5224e105f3a64298ccadfc636ad282f96f4ddbbb9f38a5309b15d0367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
61KB

MD5
a1eb05b2e53b4908558d8ff04593ba0d

SHA1
cf7fc2706462d69876d05b3a8485a5b5ff71bfdd

SHA256
d95fd728438d7db547d3f5aa714b2bc81add8cce4dd03b0ce479d2dcfc61bd52

SHA512
108ab871d7bb98b5feb0fcbf6705710b34976da63ffe1033c8b3fe9ef2723238d9686f3a1d49f64b6f11dacb69953effd81badcf4ff42d3506bf0e85fcbe9b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
19KB

MD5
1d757185702fbe7fa84a4111f5181b71

SHA1
698a8aea1e118511ca54889f14b87a8d1b60027e

SHA256
fc97c936be26233cf9bb68bb5d7e7b9fedf1c21ac186e1b837b7077dc39b3c64

SHA512
42e5b81dd11ef0632174dbecb3fb161e15f204e9160082d9911675e7914ed20c8b8c136d9a8322c5f4d61882f87651470dbef7fcbfba2046c53d6ad035688148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
af726c700a88e47efc17cecc50ca4885

SHA1
addbb800112049429623d2579200988dbe638790

SHA256
48b7e1d8a3daf33650ce7bd92f3ea11493435a4870c6c33a8aee3de535862646

SHA512
b5423c9c9834ace61df19a2afe189070ef7f6a1a8ac01855164973e37cc6e0c09e7f5bdd6a21990af6538886e6b419cd730e72c162db236b2f38ec0528336ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a6d53c336609b5acb3466ed4decd8e7f

SHA1
08276bda24ca8206577a4af9e2e2bd0e280d5ed5

SHA256
3b98d08433e6e895aa39a8d6c06e01c9f3018a85f86218e15dfe00541060ccde

SHA512
6c277ead8c5d3bdfd23dd56dfd49988d28b68804e0afead33347132aab50bb03fd1e6f9eb64cc62067878198a2ed877ff387c2d025faa519e253c8a0b95713f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ed9e5d718590144da2a52049f8acc910

SHA1
87d3abc66f934632f764c2bc34a2b8a2cf0dd67a

SHA256
5c2808f6645bbdc523ecae1794c74080c871a2d25bb2b13d863a2e614a38f9b9

SHA512
a0045b295f9f780cfa636866bef7ae2d4cdeee56fce400ecc80e461c3cf2d6f14c0f2a9bb21899145a36dd93fb72a254798132f6b3f7689beedc6953732285b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
137da25b81c1fe432cebb2b069e95912

SHA1
ccd2a2d60bfa3dcc204f0c737037ff44e6adb98c

SHA256
aca1f66d061e67d3a3c4efb75b8ebbfd53fc472f535032aaca1435451180f237

SHA512
b0e2d3e913005fc65447e7e94ff32c1bd8795f1e36a24de1b36c1c699ac4764b1ef33aee2abfb0f1d86277db2f685176f1b8d02aa93a79cd7bb118c15371821a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
c80a063c18cf38cdba6ef35556be7b73

SHA1
f78469db06a0ef324bbce4bedadeb237997956b2

SHA256
223ddf6c6ad0dfb5a267e1342ee2d7b0e02d50f9487c65753ab7315f81ec6303

SHA512
63f4dba74d7cc3daa357179cf585fba9cd0be082a17e08f78ff87705bd1eb9acd17d6508f1dd36c8ba4c3353ac2043fe9fd17698eb661c915604ae9ee9cd92c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
9213c4f99d5fd40ee0f649b7e60ffb2c

SHA1
c912dcd101cb00a25296c0b5b9c2eb6e08facf06

SHA256
20e222bf109b57234c52d3fa9e4da8d3f102360e21cc85e014ea1d746ada6844

SHA512
54cff9bf80290952c121fb8af68db176d40d65ec669b4a4d5ac4af06e3608b2da2fd5303f6e3cd7004025419d79c958ca8d74613ca6ce229276882600bdea6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
96953a68808ca3a04aa0d2b10ddac31e

SHA1
651be3880e0e7349d069945e60cd2f6e3f37ce9d

SHA256
fd2989df07fec242f5b14ef8697bc616acb73af835d2e56cf1dcd39a0cc7e48c

SHA512
96774edcc3ca438431d3bdf771aa1d45ca6a09d3d596595ac285fdb55829cefaba780868877b2ea93531c42d23ec7bd12220e391d5d730adbdea58a810dbb3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
4fe2114d7dcb70f6073fa7a9935d96db

SHA1
ba7aa4b66f2d3455ee0e023e1413a7a96a50ece2

SHA256
78a542b53252f9b0e99b6562f397c7948e1bb3f88e50a24638fee9715b32d4b0

SHA512
33a9d39f599f463295fd9a46401b3f06801c6bc1006c04d4018c4ec7fa8c43f8e5f9c8833926fddcde6bfee79ffdff0ed85a2407dfcd851ae2feee3acb9f4c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
eccb89b63afc49efa101c7f57e044f4c

SHA1
9685ff6814d34c16d422b3feeee44d93e82251d4

SHA256
376c3ebf2f55214badbae255d9118bf4ee5b1551a5db658a44fafc1a479dcf91

SHA512
38eb68a4bed6de0b7d946a7468d384d84afb518a3554e14e5cca8e7de0c6fe7b2cb91f0fa55c4a4f63b0a9fcf8199391c824351917bc6626e17ebe1f01511253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
220fbd6cb70502a4f5ee47a760932778

SHA1
312279083693aa3f057f9f1d4d67f632d0a27065

SHA256
b4d0a3c88deef72c6424312d330e9b7c99dbf25e2cd40e085e5112165402b561

SHA512
2ca4be9e2beb7bebde945e0d1edcc973be853d12cef9c8f3599a732f4ae166f36dcaa2854137acd88b1bf81184e773d062a71425e1e006d2188bce58bb7fec4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f1da56d63ef0f6edb6b9de65715d33bf

SHA1
4c64b4eca4bfeb6e7f90068d16665154da454d11

SHA256
701479bf5169d3de95005358c048bcb14758b813b0a32e5a81d70a9faa90ee04

SHA512
a7756483a9ed8476caf188ba8134fce16ea00a7b6522aa659c7fb09ca5b0712189a71c7aa60aed6e298e4dbd80d3f5981aaebd3bb75549317cc0e3fdfb130e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
cdb597fc2364a6e440dd209b7f44d568

SHA1
a5b878fa81b1578968d946390a62400800866e4d

SHA256
905e2ba05b5e39688ce0a873fcb118ee5f4861c8857712daab53a4ffd66f4dfa

SHA512
93888763facd27e68f9fc37fb21828ddcb0856d2997235f9509fe7ad9f8c11615f73a481213b2fec45a55f6fa27384308ab03573f2be06d10f39df7905d2ff33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fe54a14e320c4812ccba073e67341af5

SHA1
3bcc46ca22d59c80773a8874ce9756963d88e3bd

SHA256
f58f0b3248f9d651ba5eaf87d8e2e53b816e1b23c1ae3f25af7f6c3f11a258e0

SHA512
357b6fc6ab7379770945ea867da0b620685b6f89cd50b187bf4ffb445e6f9c0e2e30c545bda289b9c22afbb812bce16816ff27650c01f24c96787202a205b6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
0957fb5409f350658a570e603c653281

SHA1
79d1a8c29efad4fc6b2fba105e87629122ef04bb

SHA256
dc8c1f582cb6d308342e3806328a02fcbf7cebdd7917c6b82c00fb5e8c84ff90

SHA512
2ab89af9b68cd88feaf9ca9533ce3fd360587659f00415c433b62bb001743c6262f4b116c7a3ff0f4a043443ccad1d9fe664b904e3e9aaaa8d85f47374c20659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c334b1517a67451650e283c9b3d363f2

SHA1
026052cba3770ac4469f855ea7d104505246f7ac

SHA256
1b71a5b817d96871c5e6b7614392989267c48307fc4c4c52718806e010952939

SHA512
eb7be531f1b25b1eb31c3325b7c80ae6d293fb83fdc7b741313252bad7fe859bbbfe9d2a2cdd3a58351c1e5d988ea4d5aed811ffcf24cc5ae34c31745100a13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b5dfdc6b69fa37b98ae4e9795f87abc3

SHA1
306a714ce47f6366635aed1b3d42379b0a1898d4

SHA256
c4003cb3cb814fb34e8c393e9154b0c341d3173f734ca82e0b0fc4e898874d54

SHA512
ed7d3d691988f5d67131ad1357580066477a52d9c37ff2ef46c8e6cd318675e7aea38762fc9901d387a6797899f23a115e3c555f4df1afbcf9e4a2ff65fe94fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
3c6382b7c27ec40caa9d19bcc5a191fc

SHA1
0afd5f29bc298d0d045b1f0ae9bfcaba9925fa83

SHA256
efeb7901b5410121d0ed23451bd3ea9c7def0dd52483ce38b3dc3e4263a112e3

SHA512
05c5220f3b4bc6abdb51d49878d19fff54cd522e34bc8f46908fc7dd2de1000c8567c38085e1c40652903d6a01730c72fdbf1a3541e05604caf8fb77c090f35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2b5326e59913350b5aa2ead501a18df

SHA1
4d7295e58cafdb1a9a4daf50cc14c8cb545a9883

SHA256
95d06881d6acec249b767f59e6879ee5f61f87dcf5c046396f8f27c872c1fc2b

SHA512
9076a5abf6c7d9b9c5e807b1afc58f05e62782b170a2f287add1601df2d26eb94afa3d31235b8fbbaf65bb42b87e7a4a2b1657ee1dc82381d7fa546dc88444a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad5562b0100c727f97d9ad22e6e772d2

SHA1
9d3378eebb6cade94749cf6e485a5bb2a55680a8

SHA256
ee54d84832f31a4f1ba2627fc96a584aeda2da5d791133053e0f6f862892f7dd

SHA512
a6246d4e8dd0154fa1ed0f996f534fa3241e1d36e29ce979274fc96288913f2c7da6ff30961904a851425e3b9f1689bec0f7f117660a73299b81e614a27b8c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
37512dec1175cac3a6d7f04608a6874d

SHA1
54450b9d85a501f2c9674506cc3f2cc99654f2eb

SHA256
58d32da1bfcaa410d7373d2478d1647edbb28c36d31264f6db6b992e956ef088

SHA512
af0d9d3a86e11c12aa10cbfeed2c85659e656e5cda72108162572179b4437aa8e675ea5ad334c1c1f8c0414b201449f87caf29a4ec046755b746700b19ff265a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
982febe233be823060b5934ec275cf46

SHA1
aaf8432554a16824b211d9b449853af441165017

SHA256
739c3d1c5c9a724e015c08ed4b236bba0b3baed5b0e665d40e7f79ecaec10623

SHA512
d3a4e3fe935d655eede744e8823e2dc66c2340e5db49f2e4142f6fc331e1f95498de57138a87ca17dd8106fbbe7a9655a59f79506ae852a4b173a4433ecbf241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16feb1658c7125e6078a54596a9574d5

SHA1
cc5e77dae797654987339e2952d0dda4f38890fc

SHA256
9ff99a5c614ee1429d324de79173c907590a16402ccd5c2cad41eb2ff6d12262

SHA512
fd5e3a7b3b4ed2faa5a4208e30834047484c37172cdcb7e0555ed01e666c01939a88894dd35eeca0a6de9f01241d81b3d14868097a369958049b87e366a0d78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
c82ad8ad14e526ec66559c47de1a763f

SHA1
b10b0f130da2c65e86f90dea7ee0a7023d5c2113

SHA256
daf64997d996dd9b5fa74cfcf401181709c99c832ecac0765dfa2685a4de2d26

SHA512
77f20db71a5452fe0de763080ca73b3e55cb0f38bce7805eed977eff6d932b7b081f896be7d9baa8758cb0677e12848f60e08dc2b19985dad0476962b0ffcf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
62593367e1b1b198ec6d6305d847b690

SHA1
f4498d5346195bf073862579cd49d05153913fec

SHA256
1c8c086b3defc854507c61a4b17f956a4d9fb97f1aeb8df36f1ef36df2a31a71

SHA512
3b1ef993de207d98b192c530acd5d12970dfd88c403184b9f635dd01f31044b00d0574dd365c994969a9913eabf5b53bb0af043dc23558d2b13dddff0899e3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
595558e55f05d84376c6d4d8cf985915

SHA1
498c4f60ae14124763930d2d4c1d41f5283c1b6a

SHA256
87a09c68f326f7d911a636cc51aa18d43410378d23feb4529819e3ccec28da97

SHA512
cd30458808c251c1c28aa6058c205f447d15b659c5450e87ab109c71fd5054d4806eb264830cdc189a6484ba8f37d19d82eea74ce4882a485d5234a5f4cf3960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
49a1fd6b38e1457142d729bcea81b93f

SHA1
7916a89fb4cc1ca91c25a23b854e67e6c1685d53

SHA256
7a73364bb16a405dc878d678180c5b246bfd7f3934ade9ae62b3ae22b6a1b4e8

SHA512
94e98cf06428f2b033bc5905f0aa37628043568acf1ceee6e3b0c2f35064b7dd66806f8e963ff3ccd8e0772f3a142f1762a12e9f6747c478815bcf1a15cf4d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
8d90c497259f95c86e97cf8640c0ad6c

SHA1
2b6b1d2d4cc9a06e0093e107be39c5cd279ea2b4

SHA256
b7ff19b7f47c79bc87e8666e601fb4da0a6cb48d8e83ae8fdc770aa952c5554a

SHA512
90005345ba8e766ffb5721fc845664f0958fb1435604c36a62b4ca5cb55d3fcb5472ecb1e24774775e804cbb1687af01fd7952da832b1c7991f13dccb3c1cdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
b64ed9426a33ea4b51a1aa18ce284019

SHA1
4f8ab7615ad2dc860b1351a3f0c373631a6f4c0e

SHA256
b486a1ed96ab111d41bf478f3e6f6b9b3a80b0e7bcf29b102ea5b39c98f2a637

SHA512
52f3d4238fc6228fe10001e545a423dbec0f4ac08fec827956da696df616c6cd7b6a45cc20d3472a27afa1b3426c0bb80ecba735b1831b75b827879875bf3690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
88c414deb840fb9d5fef200fab536e29

SHA1
632aa8212a6fd212cdece846f1cd6ff0328ada8c

SHA256
36e78f8d10bf60664aa4e1b6fb5127b8f1f14b5aec6b3d84e04bbf2c0ac88a80

SHA512
60f0f12ef2b2994a08911f50fd36c48fd59ac00df5975bac0d069df0b1057e9e96c8c1438c503125b12d217b971e92e0c703fa04b5c286554746068a64529008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e435587c8e6c1e7c54bcf81bb19fcf12

SHA1
bd6187e1f307766b9e87db552d5d8722d3eb4c4d

SHA256
3582622fe32545fa9cec40bf777cf40ea75618b47a2adaeb09891460baacfac3

SHA512
69be067aecef9fb0cc07f51c7bae83f23a22c379969bbcf892663e8e60003b288a16e0d70e628521abe7c50f5b6e7e20b8b98f5c025239b4102c8a2c0179c4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
ef9eeffc833912dc74a7d3e87bbae4c3

SHA1
ab390a046a751283c0b63728921f0eb3996d727d

SHA256
62d392d137637e675f0277c0503c8b6a14fb92a3acf92cc7fe87c52b43fb80fe

SHA512
2b01394ae9b6bab2becb53e099d957684b23ec5c5df34c4810a021ad8000f383e63b36d5f184ee755d5efc724c8560a7a09d75bf93738d04115dedf72e522466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0dd83ec1510fa5413e3472d007f9bd32

SHA1
bf1eb2fb7fe6218cc2bade9c1370ee27a9e98298

SHA256
0ab9e58f43c04d2871c9c5c69202e52ec33c1b7d6392c629a722b4396704f60e

SHA512
7d6fca5aacc0093fa6e4a55096b28fbb10ecfa16a087fd567b6a1f061ae3ca10466393bc5ee19e575d183cc59b0bf628c7c74026b862024fa83364cb5b73fe02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f372098cc10e1186d5631a28d2279eab

SHA1
165d153e6ea6771e47bb47b9e38366ffac8f5898

SHA256
edd1e8db99e9252f7a2fa3ac58c1212d2a101ddae67b1fdb17449e27739d8f33

SHA512
a2495482c21ad6890629029ea897183f8f7e5b5039ad0a6c36a8b2442b390b1e1c0a1b40c26f819225f34de46cf8efbd8343ea8b2a3d80e40cf49cfcb0f298b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44aa396b1c4e18489401a60e8334e11d

SHA1
7d91090a7b30e165e2e03e666c6c62f86550b043

SHA256
ce44a673472636d7a02ef219e0e30e82a9710b0fa6da606e3b0b341a47965a5c

SHA512
6cbb52f365d5848052305fcd97d70686a4f6580233bbb14dd68ac51580ab37ef118e2b9911863fc8c586d738786e157376e8807ec019e362350a90adc49c3c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b8157096181e0d85251b0fe5537eff7e

SHA1
9f51f8808e5223b1116d969d7fbb66c476f4b55c

SHA256
516b7b0a54cfd8ccf0ea7878c95cbffee3a050a58d69d4cbc0db931f0d3c7771

SHA512
25760d0833a19a4505a213facae42411ecab2a16fd05ca032ed072ed0c2846b04fc8cfe087186df8a3d44ccb610505ae6b789177571869ba0854d0cccd0f0f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
9345df09860d8bfdc2017d184cbde955

SHA1
726b74918ae4320312a299f26155cb0a92cde5c4

SHA256
989ff8f319ffb6dfa844e4ec1782c80310537a2778a51cdb6d922fd37fdae16a

SHA512
d08739f00b1a2e2c4bbcecd7457266de59b52849e0eda4cbe212a46a193f0971a5d57e5a1f40b14d458c55d5fec471b48151ebca13beade303080fe252af0348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593d4d.TMP

Filesize
1KB

MD5
57947724b9bda7a3b074b2584e343c6e

SHA1
08075a21a299e0fbfa8fb4da736e029da4ad0260

SHA256
4894ea7186c1d25ec1b24aa57b332038f1cbd88c65cc9e50c2823d4bb418569b

SHA512
c3f897d2c4dc288f98ebf64384be5a04eb21db8d8e5bff8d70873219e60922f9a6f6414fb2de3a2fdea49ca2037025b788e11522f81b4729b3726099897c2630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9352d09126656348bc30551a80ac5a7a

SHA1
77e14af68235ff9d2257ca22fe35d3ae03d44fd0

SHA256
ad1bb07d60b1e99dfc15ec58f55d461bcd3f27f7c02e48409310ed49e411446c

SHA512
3c27254e7df5cf1fd5a8814f5a58ecfa664646a77bb830edf2320a7596e3c18f58af6d195200ef6846902b60fb0fad00ed0c0dae668cd150d34155ab2c3e94d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4aca5a403e1bb171b381d34dd10b4ffb

SHA1
63f4f6664c50f33cdb67ee07a02045d79f0ff9e3

SHA256
110c18c5269c568663412c4195a810015ba8b63526a2df65a82de9f67795639a

SHA512
e955a5bdaad41304365dac827ef1c910c3d4d9ef132f42a6c8f0d4044d1fd14c6292397b10651b9874ca2a9fa4a02a604c11ddffbc75653f0d4ce46a1a6fed29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8486a697e92d7ce51563ca077576ac0

SHA1
79e57dcb9342f3a92c8b01b0d0252b1e6047ab06

SHA256
379ad9462c6cf407353fb3fcee507ca3d6b632257aae8484ef2c9a92ba304054

SHA512
98e415dffcceefa406f010d837f037d1538d30a4429694b206273c21f0148e23f0bfc490f37778e7e2c8005947a1def773359c2e13a8f4821f0c06c3f145f38b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
8KB

MD5
d110a1fd769198b405ac79c54a1e8d0b

SHA1
15414d0e8477b5660c5662a24910b0f816839f31

SHA256
5e7c7460f0fb23e60dab57d7d030ef6384245f84f630245ca1c846dd6ae3e8b1

SHA512
7157442cad0ad257cdc0073e2de65ac1a7e74ead6c5e5a8f34bb65332f64e4f6b73ffae72e55b262437898a081b9af1376ca1a33b60bdc987bc1cf53aaf1cc29

Download Submit
C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier

Filesize
210B

MD5
b9b6da36f4fe97a7a1ace962f11a0b8a

SHA1
9622484af2302104a953597152039efb849d2662

SHA256
34a159e85a9daf6792eb9842d1192ccedb0ff7bc758e4443665fa36561a3a5cf

SHA512
8bc0e7904d6fcaf7c0a83a372962fd10244b3203053e12db76ac09e151988cd11a501077c38b8086614e85b84b85ede6676d66f299f2efacf66a53b3c9b85c37

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 125836.crdownload

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 745283.crdownload

Filesize
1.7MB

MD5
6d622dcc87edc9a7b10d35372ade816b

SHA1
47d98825b03c507b85dec02a2297e03ebc925f30

SHA256
d4ac5b3c525a5fd94019d80ff81b552e73b19b1bd0a554b9609cdd5e1b00955a

SHA512
ed06f872a7c66ffeeb8cb8f6fedca06ccabf623f9cd188c4c7105428e8d6521ef8da0bac0564e14d2da914d2846369a9c04577a8cf7fb80cb62831e5497f2a58

Download Submit
\??\pipe\LOCAL\crashpad_4168_EKBQBMGKZTIIIWQJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1016-673-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/1016-674-0x000001776FC60000-0x000001776FC70000-memory.dmp

Filesize
64KB

Download
memory/1016-679-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/1092-648-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/1092-649-0x000002D70D8F0000-0x000002D70E204000-memory.dmp

Filesize
9.1MB

Download
memory/1092-650-0x000002D710000000-0x000002D710010000-memory.dmp

Filesize
64KB

Download
memory/1092-2130-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/1092-680-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/1092-681-0x000002D710000000-0x000002D710010000-memory.dmp

Filesize
64KB

Download
memory/4320-8-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/4320-2-0x0000000005AC0000-0x0000000006066000-memory.dmp

Filesize
5.6MB

Download
memory/4320-161-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/4320-0-0x0000000000B60000-0x0000000000B76000-memory.dmp

Filesize
88KB

Download
memory/4320-1-0x0000000074F90000-0x0000000075741000-memory.dmp

Filesize
7.7MB

Download
memory/4320-2129-0x0000000074F90000-0x0000000075741000-memory.dmp

Filesize
7.7MB

Download
memory/4320-158-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/4320-107-0x0000000074F90000-0x0000000075741000-memory.dmp

Filesize
7.7MB

Download
memory/4320-3-0x0000000005510000-0x00000000055A2000-memory.dmp

Filesize
584KB

Download
memory/4320-4-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/4320-5-0x0000000005650000-0x000000000565A000-memory.dmp

Filesize
40KB

Download
memory/4320-7-0x00000000057F0000-0x0000000005804000-memory.dmp

Filesize
80KB

Download
memory/4320-6-0x0000000005810000-0x000000000595E000-memory.dmp

Filesize
1.3MB

Download
memory/4728-855-0x0000017AFBFA0000-0x0000017AFBFB0000-memory.dmp

Filesize
64KB

Download
memory/4728-694-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/4728-677-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/4728-2131-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/4728-678-0x0000017AFBFA0000-0x0000017AFBFB0000-memory.dmp

Filesize
64KB

Download
memory/5044-652-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/5044-615-0x00007FF8DF680000-0x00007FF8E0142000-memory.dmp

Filesize
10.8MB

Download
memory/5044-616-0x0000021BB8080000-0x0000021BB8090000-memory.dmp

Filesize
64KB

Download
memory/5044-614-0x0000021B9DAC0000-0x0000021B9DADE000-memory.dmp

Filesize
120KB

Download