Malware Analysis Report

2025-01-18 16:08

Sample ID 241205-qph4qswnfw
Target https://www.google.com
Tags
crimsonrat defense_evasion discovery rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.google.com was found to be: Known bad.

Malicious Activity Summary

crimsonrat defense_evasion discovery rat

Crimsonrat family

CrimsonRAT main payload

CrimsonRat

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-05 13:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-05 13:26

Reported

2024-12-05 13:30

Platform

win11-20241007-en

Max time kernel

207s

Max time network

205s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com

Signatures

CrimsonRAT main payload

Description Indicator Process Target
N/A N/A N/A N/A

CrimsonRat

rat crimsonrat

Crimsonrat family

crimsonrat

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\CrimsonRAT (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 298650.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 997526.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 439435.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\CrimsonRAT (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2764 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 3508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 3920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 3920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2764 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7fff70b83cb8,0x7fff70b83cc8,0x7fff70b83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 /prefetch:8

C:\Users\Admin\Downloads\CrimsonRAT (1).exe

"C:\Users\Admin\Downloads\CrimsonRAT (1).exe"

C:\ProgramData\Hdlharas\dlrarhsiva.exe

"C:\ProgramData\Hdlharas\dlrarhsiva.exe"

C:\Users\Admin\Downloads\CrimsonRAT (1).exe

"C:\Users\Admin\Downloads\CrimsonRAT (1).exe"

C:\ProgramData\Hdlharas\dlrarhsiva.exe

"C:\ProgramData\Hdlharas\dlrarhsiva.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5700 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
GB 2.18.27.82:443 www.bing.com tcp
US 95.100.195.176:443 www.bing.com tcp
US 95.100.195.176:443 www.bing.com tcp
US 95.100.195.134:443 th.bing.com tcp
US 95.100.195.134:443 th.bing.com tcp
GB 2.19.252.134:443 aefd.nelreports.net tcp
IE 40.126.31.69:443 login.microsoftonline.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 95.100.195.141:443 r.bing.com tcp
FR 185.136.161.124:6128 tcp
FR 185.136.161.124:6128 tcp
US 45.79.115.66:443 samperson.itch.io tcp
US 45.79.115.66:443 samperson.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 172.67.69.99:443 static.itch.io tcp
US 104.21.12.135:443 img.itch.zone tcp
US 172.67.69.99:443 static.itch.io tcp
US 45.79.115.66:443 samperson.itch.io tcp
US 104.21.12.135:443 img.itch.zone tcp
US 104.21.12.135:443 img.itch.zone tcp
US 45.79.115.66:443 samperson.itch.io tcp
US 104.21.12.135:443 img.itch.zone tcp
US 104.21.12.135:443 img.itch.zone tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 45.79.115.66:443 samperson.itch.io tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 172.217.169.22:443 i.ytimg.com tcp
GB 172.217.169.22:443 i.ytimg.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 22.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.115.79.45.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.230:443 static.doubleclick.net tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 151.101.192.176:443 js.stripe.com tcp
US 151.101.192.176:443 js.stripe.com udp
US 52.89.181.148:443 m.stripe.com tcp
GB 2.19.252.134:443 aefd.nelreports.net udp
FR 185.136.161.124:8761 tcp
FR 185.136.161.124:8761 tcp
GB 142.250.179.238:443 play.google.com udp
US 45.79.115.66:443 itch.io tcp
US 45.79.115.66:443 itch.io tcp
US 45.79.115.66:443 itch.io tcp
US 216.239.34.36:443 region1.google-analytics.com udp
FR 185.136.161.124:11614 tcp
US 95.100.195.161:443 th.bing.com tcp
US 95.100.195.176:443 th.bing.com tcp
US 52.167.30.171:443 fpt.microsoft.com tcp
FR 185.136.161.124:11614 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9314124f4f0ad9f845a0d7906fd8dfd8
SHA1 0d4f67fb1a11453551514f230941bdd7ef95693c
SHA256 cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e
SHA512 87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

\??\pipe\LOCAL\crashpad_2764_LFLSTZZKKCFKQWJH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e1544690d41d950f9c1358068301cfb5
SHA1 ae3ff81363fcbe33c419e49cabef61fb6837bffa
SHA256 53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724
SHA512 1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5183613245eb0bb6a74893f0990b76e
SHA1 03ce2aab1a458eebf2771a6ec586a0c8fc28311c
SHA256 f19bee5b56bc3751850066265711ec4cfedb6340f22838e6e73153f874ab3d99
SHA512 dc197f22fe1b22d1ad8314fa3fde79091d428cd397c747e3fa64f1a3ff27556d83aad46f0cb6ed508cdc5ba50cacfc9cce45b880320bb5ba1c715beb36a0185e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 da95660c0a92e21d61b4898bba1072db
SHA1 6925a4f742062f2b21f3c2cdec7c3191a75aa20c
SHA256 73e664bfe6d123d5bb2f83fd7bc7614b394531a96451354afa6cba8c852e6fce
SHA512 fef72f0f76fc90e9fd36dc403a2fbdc2d6c2ec57dfeb3442c25318aa04c228c23e0a1928a246870e253085eaa6b1e6db86570abef45bc870cf1451b9c9384eac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95856109ee0d650a5b8a7d0e1c90fe0c
SHA1 13ea6cdb1852a93f19a8a91116221a678a870319
SHA256 02d45135b491eccf67cf2cd9789ee1bb57c2034fd062eb5c53e18db9d5ac0fd3
SHA512 b2bb558faf348617af964396e44f004426e7998824e3e9b1906c68beae074b6b7bf2783c64211c2aee98289f661f4a5523dab61eb88f9a70f219999d2e8cc07e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 488e8c48d030d9274e8487c229000932
SHA1 d9b7da52681be069594143f426fa0a147e7fd0b1
SHA256 00efeced794f44153a7784afef83ba78cdd3c3970f59a66093f5af79fe8a79cc
SHA512 720975ee26ac41a49677c31c23e5c56fa3d2e6e0e615ed8497d460198f6da5a69d453463cc88a4ba42461c609f4745b79fe8b41b89259c5ce0c68e311142c38e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 39d43ab3aa7e853014adf989d6d97cbf
SHA1 c669ee4f444afe2c49614d8652023ef10548684b
SHA256 66056ca55f7a93e6b3b85808af87c6b1605eda1a676aea47eddb8ce1e67db3af
SHA512 41ac0fd6856d1607b0b235ea76f497b560dfe33211dd9c4f7747b3ec06d07fa13019ad7ff86031a304ce49ef9454d10df041dbd37bd442dee75f34ab0b3fe45e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30c0237b3b2a6d6d6f09be9fc5e72126
SHA1 b1f22aba46e9b8073748267493fa931b03f56880
SHA256 6135021e440e55bbf4f43919894ffc0944e9ef46b6406c219df71afa0b4170ef
SHA512 f71884d668cc2859163758298acea12f329b59d3c8bfc4ce1aefe28fec9e3d2dc20c432c6e6238db244b4be770627e0ddd1b69d6967a2aa20c02f2afd66d6152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 340e44b8e61d41ce90a401becf86090b
SHA1 fbacf793d2c10a3b8ea3c75af80d0529a269793c
SHA256 5056b1318f79032d27b1d76b57e1b81de196c0453dba09795f9e48c3eb0a1848
SHA512 597c773e20638a13d23dd185e9e31762d1dc22efa6874539f95e8c0fe062897915c0ea9d7843737aa3469cce06120984c93c67b255339a328607697d820b1a2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583dcf.TMP

MD5 58bed4386c8c086de377cb3f81213587
SHA1 1af6bbbff8e37ef47f7277096aabc648232b59a6
SHA256 35e87a94ed04779061f805a62a74e5027933fc6640c751d38d2f2a3d75ec73db
SHA512 a4e26266d72b0311e48591d81674c088c8381bdb4b1898da0843f2e590b1c2d36e170ade3bad7faf1bf70a334ff051ac306115a9434185afe060b05b85e64710

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6fde879b841f11be4f4aed3e6fa48069
SHA1 fb7b7193bcf3d50d917aa4af90b3fd40a0e82afa
SHA256 af9257a4c9b9df18b2a2397cf944756fad03244713b9dd96671a05b23ae72585
SHA512 1017251dd0913b6ca21b5c624bc26ffc6e20ec99a1364babe63e799a5eb3434da699aa3b4e9e62289345a1b844c164972758165de13d52af0a657a0cacfe6756

C:\Users\Admin\Downloads\Unconfirmed 298650.crdownload

MD5 b6e148ee1a2a3b460dd2a0adbf1dd39c
SHA1 ec0efbe8fd2fa5300164e9e4eded0d40da549c60
SHA256 dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba
SHA512 4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a06c0b5299e5a9d2fc1c5ca33c467bd
SHA1 aa4dc18c9c8459bfaffc3a8a819135bc74cc356c
SHA256 98cce09b7a0fbf019ffc469c01357c780d3167d986e652907546dd1758f2a596
SHA512 3ee042b21e0f4591e0c950b9997bcd01c7c68919db46b854598e4ab4dd3579b9e257afc724b147eb55e94105fa89cf73b61cad141b457cf066782d45a5f34ad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc1cf8f88826875e3278e14f438cd8d6
SHA1 26b0a3d5cdef56b918f7821e0300786c7e3eed0f
SHA256 dcf3210e7b831ffb81eab98ada5938a96100be693b0533e89d37e368068db518
SHA512 472ae9fd5dd649e9fb7265f58b065a5d652df77b804d87a5c537f8783acd212372935cb83a2c172d4f1338fad2b02b1f9be6eacf4533872eccd27078c1648992

C:\Users\Admin\Downloads\CrimsonRAT (1).exe:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 58a3904092e16e2a62976925c5cff097
SHA1 b0244f34c56c1670bf2fe01671da8b8b0e3ba82a
SHA256 1864a06d9e6dfd2f9804eb8329813da6bf86d8c98da6baca3dfcc8a8ce14f7e6
SHA512 325d825fceb53321f03ed04f19824acdf1e3fe465590b8d6d808dad56385e27844fdc75476c18968968aef8f61eb12a756716aae1165f6ea8bc6451c28e55f95

memory/1664-467-0x0000022C64AD0000-0x0000022C64AEE000-memory.dmp

C:\ProgramData\Hdlharas\mdkhm.zip

MD5 b635f6f767e485c7e17833411d567712
SHA1 5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8
SHA256 6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e
SHA512 551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

C:\ProgramData\Hdlharas\dlrarhsiva.exe

MD5 64261d5f3b07671f15b7f10f2f78da3f
SHA1 d4f978177394024bb4d0e5b6b972a5f72f830181
SHA256 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad
SHA512 3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5d97f4c6eab78a56646dbc0183271615
SHA1 c60cfad8d5bd8eebeeabc0a37dc2aeb8f8c60d25
SHA256 087e3345cb9ac57e504852c9ee58c1502873eb185e2a7f04de1d31d62c7c572f
SHA512 572e844a1007f426f6843cdcf78a7894cb23623c603ce02cc489a1034084e886128f086f018a1889f4021cb47779f78b3f8a2e6ec0d398b49c210568124116b7

memory/1664-509-0x0000022C01A50000-0x0000022C01AA3000-memory.dmp

memory/2112-510-0x0000018EAD0F0000-0x0000018EADA04000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CrimsonRAT (1).exe.log

MD5 8e0f23092b7a620dc2f45b4a9a596029
SHA1 58cc7c47602c73529e91ff9db3c74ff05459e4ea
SHA256 58b9918225aee046894cb3c6263687bfe4b5a5b8dff7196d72687d0f3f735034
SHA512 be458f811ad6a1f6b320e8d3e68e71062a8de686bae77c400d65091947b805c95024f3f1837e088cf5ecac5388d36f354285a6b57f91ea55567f19706128a043

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 b275fa8d2d2d768231289d114f48e35f
SHA1 bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA256 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512 d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c5ed786d61156ff03d4d7d6231989593
SHA1 f9e75b5893d0c3aa88e75c8f755aa80b4c3bf27d
SHA256 0ca91f12b62912eaadc2774ee527961f8350a3b81a6b660c240b2e6dc4816460
SHA512 bd95515034c42fb9cbffeb5f88b22f99b852df66a52417076e951cd63303f1f0f3aa2783d5e15ea07299a8b27c8cefcab17ce468503816084a4ea34ece332e2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5708c8f15fd58c71ce3cd6207090d94
SHA1 ee9460b71e61bac271f7184d1f01ab34be89d2f4
SHA256 7d0226a0fe2239173be3b869a155122d959ed2648da04ac606d56f07d47b6edf
SHA512 1742787e76e4de9022886458c1e11a09a689c7b2f7c2161b69c2cb16cafdf78246e9305b8eab7e7116c40a7594fc7dc7bc484f3e68a4935f62f85e419b87c074

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 835757a46d83a745dc26136e22f750b6
SHA1 02136ba86b5f8f5ea510a2925a8db635623d2796
SHA256 1dd6cbacadb6504ae6e3ab3758c016689e82dece1bd7bc04a980fd8c1a9a7c0c
SHA512 4b3b2b8c757c8cca3e1aa3f7c001070213ea8c2e44cb5c97246b16ca33c0e498bb4bb659ea6b2f5fae05f60c3a8503d884699b7a95fffdb09ce1bdfbb62e51fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69db9be8f63b4eb2eb29d17c89eeedb2
SHA1 5449f770dd22c765ac66590af1aba9cce840adb3
SHA256 8e9f79811c7f5ca6099df2109d0ea6fc07ae3a5e0a976e28d735c35a094e4519
SHA512 20678b0490cf479933b9c174e35eb54cb5276f30839c41e2451a92d9bbb5e6b04302591958786588ffba7ebb3b7e6f91d095abf8dc115961000a94e8b4676d64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 9f96d459817e54de2e5c9733a9bbb010
SHA1 afbadc759b65670865c10b31b34ca3c3e000cd31
SHA256 51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609
SHA512 aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 e98f77c695876f1fb5be900b7746f30d
SHA1 d68be5c834fc18f8d1c2dc6131fc56dbe5d2e3eb
SHA256 70e3bde20af4c0241b47fe708e77c612b75eed67692179114c24fedcbd35e833
SHA512 dcfb3868b21dd8e177da9c92d042844b45e89902e4284fa582f10fb414253f0b7902f430a593ab936563eabc64aaf29fe6e2a7bd64d720f08f26ef9a3669b430

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 616f7376fe55a327944a4e51d5fbfe8b
SHA1 2a48cf98a72e7e61540df31747a98507362d3d87
SHA256 785d3cf4b14e15ec79aba6a62fe7877539a7a93437f0370999fa4c3bf358d582
SHA512 a044037fc0d585c323954a0f65606fff3d8728555e1aacbddcc827464a802018dfc99700d720ec1e2af802f2c35ea07f411b2811796e48f1590bc2094224cb11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2af539b9-f266-4b0f-b399-690d6903c775.tmp

MD5 459710cdf18249697aab8be1fd3251c2
SHA1 2b43ff4f9e8b19f9a2f05a23ae3cb47ac6753547
SHA256 b6cf951777f7b5523342d190e20fb18d2550642ba54c25c167528b5caa8123cb
SHA512 821d01c6ce3254ea7d61af8284b5418132d2307c23648e8ccf350ecf3453343c98bb62cd7cd83e676724c054f6734c02d7dc69118bdbabafde4251ee666b80a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f4e3c003ad3cd6c0149463adc1a6b54a
SHA1 8e8d9a821a314d5cd88375fab4d2e19d7c7fb5e6
SHA256 ec4dd8443955e8b32dbd7f9a0a1e6fb0081fe450bb548c0843b0da5c62ccce8d
SHA512 a715be40ec76f7ceaa8185c47638ab79ab03fec70801f3720dda55b1c81bf63e3324c44c0f24864e70c313fe4892c8e189a76f2302463710bed440372559ecec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 baaca5ee69152750e8f780cd72f122a9
SHA1 23d2a7f6d84c6a506a38d3b99abe16da0bc4dddf
SHA256 12c99b07afb087cceb9a6dc76316555e91d8cabbc48a6e5c3310b6c9d910931f
SHA512 80c7ef0fe6e11a859b92ca7e3322dc0bc86617565975174443939a6cce932dcf3a8e900073853b112152319514a2da851a7375084b66d9103881d4e4c2c1f5be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 442ef349a2a53fdaf662062f234e200b
SHA1 80e1f9c98e046722e6e17e089241e91e209bec89
SHA256 d7c3f1090440921c50b34791f12dc3b43acf124efb4393b2c65db97434d533c4
SHA512 6e2cf6b6457fec5443d64dfdf057ddfb32bc93eecb4eafa516057c58820a924d8fa291ca37ae5324ee84256dca2198c1221cda0f877394aa0a3261b5139cb680

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8303b1148038e005f26443b5810c8751
SHA1 889818da98a7490e4516fdd59e07dd4215735371
SHA256 9d6b02acb166133a4f76e97a7888775a2d3d3c9536ab67491f9664e19c3be85d
SHA512 773671838bc0981a0f14db9b871985ffc40c8af0761ee8a9914c25417994e74fcfc90eee4595a3fc6a9be32d585d9995f082348929e69f91f8a8aeca30de86b5

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73df61883cffaf059b507dcd3ed2487e
SHA1 2a7bde5575486755d073ed6304c7c790a873dca8
SHA256 8ca5c8ce88088f38fcd447100a3e4e419c1a5fc2a570b1cf3d32167a0caf5a2e
SHA512 3d912b9331306ddb6240fa4a3529094ecf8b3100874d32fd3436788efc84ca4cf019954b131c39b05cde2a60870610b13b845f087f5db70c5fe2228a28ff67e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 835a4158c5a5ccd8ee97c67b3034e6c9
SHA1 e55b0b656725e9328e2ab9adcfde0477530a761b
SHA256 b9d7fa9f1541c13e33522014249a60bb7dfea68afa616dee78ccd73a501c9b63
SHA512 afe8fc961b2df9a892c958fcf0205d77b1a310ced71b6f0508bb6d4eaada9cec375346fd164618cdb7b475f6ea8a36c2b596a65950d19f4a1a4a804db979bff2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

MD5 77679519ea04bcff78638e3142fecb41
SHA1 89190dc215f6fc292742fb668a3a45ed03444c50
SHA256 1d3ded849d791070382a6462c4531d02313049ff818d05209b9f2a6bea0a1108
SHA512 39113b96a00a36ad76f3d626eb063979c70a52efb38073a356a96ac38a0cfadd4f9d30ed913351355518d10e9d2caf998b24d9875a17ee12442b1f424aa38281

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

MD5 4dc19f7e9d7beb291c52bbede73efa56
SHA1 2c834410f57665ccda75f9b9bf4016980088dd5c
SHA256 08e218b33c01a0fa1353be6e3920f212bfed7a272c6e30046e3c564f434e64e6
SHA512 f395cbd627eab39805d568174aa13370af01bc87126c8941bb29d42c96e1b8d484dd8e203d28a0e11fe2e51bd6925da1de7e994d549d3b5055ce6dac52b4315a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 89d21593dfed8e38115227872e948745
SHA1 3ad0d13015b51824cdc74565ca9dcbdfd3843066
SHA256 c1d62ddafbf278492e9d3dfc69f68b8dbd0cbd932ff9ebd9a2d39b984f3d3365
SHA512 ba532516794a96e493cc645551f16c3fc2d1ea8b2c05ddd5ba245e2cdfe623714fd9bcf11b51eaa308e90ed5f4c5dc37e41959f00efb88ff03b3dea442b2436a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

MD5 f258876922d18a0f85c24fb67298121f
SHA1 97e7bcd5752ce4d942e2c4e964189e0c1ae30f53
SHA256 0c9246e5a35a09c3e604ca495ada458b447088ef1ef7f38150a9c97a44fd7cda
SHA512 1e2215e14db14e06de35778a9feb8457307db7228efd0262adea2e3b9d303f7f831ea09936789e54a25a11d87102840b34aab2fe1630fc3f50dd1b49213ccb81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

MD5 5935bc9a7f3668309fd000373172ca3b
SHA1 19ac1fd552ca252905d5ca3ed897c1522959f309
SHA256 4215f5c22572cf24b663d726f7279d0b30b864deda72431717bc23cc9c0d267f
SHA512 96eff37f01ac79743c772b36061e98d8ff7125b02fb85649f34821a1a8010d99efdbe1e24826a41b29b497a8b238d38db522cacad3e272baccc29f72089bd928

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

MD5 22de36ec711335614d0de22b0c306c3a
SHA1 3458d756e94dec1203c3f14e79a69b4b9b7f5ba6
SHA256 73bd66adda240ed1d9b68402b3959c5f42d4ac69c1037396c37e808a52a5d56d
SHA512 e6ad54a4d585724c8ed099b370304f6bd3f729dea05f1f6af0a055f8cf8bd684ca2a7b4a63da05a778b54554ec7b2c6301e48b48c1b62a232c83bc7e78a4bcdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e03dad304d02619bf5853dad4de2eba2
SHA1 c72be9f1ee23fddb32a253d4a000afffb7f6aa19
SHA256 fdb926a68c4948d914c1ccd8e3c3e38946adba4b4f3cb1052cd33569874f0fc0
SHA512 0232471ebb95a9002726e364a457fc15beb872cc2c7372015de0e0333ab6aa49b2f672e0ff70177198f959409d5706be2b1642a677871b7e51858fb9303851bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0aa6e80c1c63152845c02f6e7b9072b4
SHA1 bda589d2380c411789fb1073305dc34c059bba2e
SHA256 28813c6a615a7cc841c4c4ac4ed5064dc95955ee806a5ceb36ed5819af330582
SHA512 39f83597e050310b7bcde970c37fa45ee84bb26ac54bc3777a59fd62f593910cc6de3c30cd77ed2886b009b5d3c5e12a13f7cb94310f36a03f17c16a3046eba9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b10657a991bbef4e033d2b3a0e9c09ff
SHA1 7080fc0e8bdcdd9091032f9f0e7db365383ff9d8
SHA256 6bd4a61cda81aa91f37faf9ab2776b8c70ba38e823dc7437bf39de9ab0df6f3f
SHA512 fca7b9b855eaab553c8c4fb4f2bde8a88bffad8771c1da840263383d66e4b3f86521fcd0e650209e2edab3ae9da1080ca6d59ccadf37bc68587bbb4b2d3f4312