Analysis Overview
Threat Level: Known bad
The file https://www.google.com was found to be: Known bad.
Malicious Activity Summary
Crimsonrat family
CrimsonRAT main payload
CrimsonRat
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Subvert Trust Controls: Mark-of-the-Web Bypass
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-05 13:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-05 13:26
Reported
2024-12-05 13:30
Platform
win11-20241007-en
Max time kernel
207s
Max time network
205s
Command Line
Signatures
CrimsonRAT main payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
CrimsonRat
Crimsonrat family
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\CrimsonRAT (1).exe | N/A |
| N/A | N/A | C:\ProgramData\Hdlharas\dlrarhsiva.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CrimsonRAT (1).exe | N/A |
| N/A | N/A | C:\ProgramData\Hdlharas\dlrarhsiva.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\CrimsonRAT (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 298650.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 997526.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 439435.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CrimsonRAT (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7fff70b83cb8,0x7fff70b83cc8,0x7fff70b83cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 /prefetch:8
C:\Users\Admin\Downloads\CrimsonRAT (1).exe
"C:\Users\Admin\Downloads\CrimsonRAT (1).exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Users\Admin\Downloads\CrimsonRAT (1).exe
"C:\Users\Admin\Downloads\CrimsonRAT (1).exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5700 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17106303581799735722,18428360435921704458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583dcf.TMP
| MD5 | 58bed4386c8c086de377cb3f81213587 |
| SHA1 | 1af6bbbff8e37ef47f7277096aabc648232b59a6 |
| SHA256 | 35e87a94ed04779061f805a62a74e5027933fc6640c751d38d2f2a3d75ec73db |
| SHA512 | a4e26266d72b0311e48591d81674c088c8381bdb4b1898da0843f2e590b1c2d36e170ade3bad7faf1bf70a334ff051ac306115a9434185afe060b05b85e64710 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6fde879b841f11be4f4aed3e6fa48069 |
| SHA1 | fb7b7193bcf3d50d917aa4af90b3fd40a0e82afa |
| SHA256 | af9257a4c9b9df18b2a2397cf944756fad03244713b9dd96671a05b23ae72585 |
| SHA512 | 1017251dd0913b6ca21b5c624bc26ffc6e20ec99a1364babe63e799a5eb3434da699aa3b4e9e62289345a1b844c164972758165de13d52af0a657a0cacfe6756 |
C:\Users\Admin\Downloads\Unconfirmed 298650.crdownload
| MD5 | b6e148ee1a2a3b460dd2a0adbf1dd39c |
| SHA1 | ec0efbe8fd2fa5300164e9e4eded0d40da549c60 |
| SHA256 | dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba |
| SHA512 | 4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0a06c0b5299e5a9d2fc1c5ca33c467bd |
| SHA1 | aa4dc18c9c8459bfaffc3a8a819135bc74cc356c |
| SHA256 | 98cce09b7a0fbf019ffc469c01357c780d3167d986e652907546dd1758f2a596 |
| SHA512 | 3ee042b21e0f4591e0c950b9997bcd01c7c68919db46b854598e4ab4dd3579b9e257afc724b147eb55e94105fa89cf73b61cad141b457cf066782d45a5f34ad6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dc1cf8f88826875e3278e14f438cd8d6 |
| SHA1 | 26b0a3d5cdef56b918f7821e0300786c7e3eed0f |
| SHA256 | dcf3210e7b831ffb81eab98ada5938a96100be693b0533e89d37e368068db518 |
| SHA512 | 472ae9fd5dd649e9fb7265f58b065a5d652df77b804d87a5c537f8783acd212372935cb83a2c172d4f1338fad2b02b1f9be6eacf4533872eccd27078c1648992 |
C:\Users\Admin\Downloads\CrimsonRAT (1).exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 58a3904092e16e2a62976925c5cff097 |
| SHA1 | b0244f34c56c1670bf2fe01671da8b8b0e3ba82a |
| SHA256 | 1864a06d9e6dfd2f9804eb8329813da6bf86d8c98da6baca3dfcc8a8ce14f7e6 |
| SHA512 | 325d825fceb53321f03ed04f19824acdf1e3fe465590b8d6d808dad56385e27844fdc75476c18968968aef8f61eb12a756716aae1165f6ea8bc6451c28e55f95 |
memory/1664-467-0x0000022C64AD0000-0x0000022C64AEE000-memory.dmp
C:\ProgramData\Hdlharas\mdkhm.zip
| MD5 | b635f6f767e485c7e17833411d567712 |
| SHA1 | 5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8 |
| SHA256 | 6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e |
| SHA512 | 551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af |
C:\ProgramData\Hdlharas\dlrarhsiva.exe
| MD5 | 64261d5f3b07671f15b7f10f2f78da3f |
| SHA1 | d4f978177394024bb4d0e5b6b972a5f72f830181 |
| SHA256 | 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad |
| SHA512 | 3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d97f4c6eab78a56646dbc0183271615 |
| SHA1 | c60cfad8d5bd8eebeeabc0a37dc2aeb8f8c60d25 |
| SHA256 | 087e3345cb9ac57e504852c9ee58c1502873eb185e2a7f04de1d31d62c7c572f |
| SHA512 | 572e844a1007f426f6843cdcf78a7894cb23623c603ce02cc489a1034084e886128f086f018a1889f4021cb47779f78b3f8a2e6ec0d398b49c210568124116b7 |
memory/1664-509-0x0000022C01A50000-0x0000022C01AA3000-memory.dmp
memory/2112-510-0x0000018EAD0F0000-0x0000018EADA04000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CrimsonRAT (1).exe.log
| MD5 | 8e0f23092b7a620dc2f45b4a9a596029 |
| SHA1 | 58cc7c47602c73529e91ff9db3c74ff05459e4ea |
| SHA256 | 58b9918225aee046894cb3c6263687bfe4b5a5b8dff7196d72687d0f3f735034 |
| SHA512 | be458f811ad6a1f6b320e8d3e68e71062a8de686bae77c400d65091947b805c95024f3f1837e088cf5ecac5388d36f354285a6b57f91ea55567f19706128a043 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | b275fa8d2d2d768231289d114f48e35f |
| SHA1 | bb96003ff86bd9dedbd2976b1916d87ac6402073 |
| SHA256 | 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1 |
| SHA512 | d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 226541550a51911c375216f718493f65 |
| SHA1 | f6e608468401f9384cabdef45ca19e2afacc84bd |
| SHA256 | caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5 |
| SHA512 | 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5ed786d61156ff03d4d7d6231989593 |
| SHA1 | f9e75b5893d0c3aa88e75c8f755aa80b4c3bf27d |
| SHA256 | 0ca91f12b62912eaadc2774ee527961f8350a3b81a6b660c240b2e6dc4816460 |
| SHA512 | bd95515034c42fb9cbffeb5f88b22f99b852df66a52417076e951cd63303f1f0f3aa2783d5e15ea07299a8b27c8cefcab17ce468503816084a4ea34ece332e2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d5708c8f15fd58c71ce3cd6207090d94 |
| SHA1 | ee9460b71e61bac271f7184d1f01ab34be89d2f4 |
| SHA256 | 7d0226a0fe2239173be3b869a155122d959ed2648da04ac606d56f07d47b6edf |
| SHA512 | 1742787e76e4de9022886458c1e11a09a689c7b2f7c2161b69c2cb16cafdf78246e9305b8eab7e7116c40a7594fc7dc7bc484f3e68a4935f62f85e419b87c074 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 835757a46d83a745dc26136e22f750b6 |
| SHA1 | 02136ba86b5f8f5ea510a2925a8db635623d2796 |
| SHA256 | 1dd6cbacadb6504ae6e3ab3758c016689e82dece1bd7bc04a980fd8c1a9a7c0c |
| SHA512 | 4b3b2b8c757c8cca3e1aa3f7c001070213ea8c2e44cb5c97246b16ca33c0e498bb4bb659ea6b2f5fae05f60c3a8503d884699b7a95fffdb09ce1bdfbb62e51fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69db9be8f63b4eb2eb29d17c89eeedb2 |
| SHA1 | 5449f770dd22c765ac66590af1aba9cce840adb3 |
| SHA256 | 8e9f79811c7f5ca6099df2109d0ea6fc07ae3a5e0a976e28d735c35a094e4519 |
| SHA512 | 20678b0490cf479933b9c174e35eb54cb5276f30839c41e2451a92d9bbb5e6b04302591958786588ffba7ebb3b7e6f91d095abf8dc115961000a94e8b4676d64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 9f96d459817e54de2e5c9733a9bbb010 |
| SHA1 | afbadc759b65670865c10b31b34ca3c3e000cd31 |
| SHA256 | 51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609 |
| SHA512 | aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | e98f77c695876f1fb5be900b7746f30d |
| SHA1 | d68be5c834fc18f8d1c2dc6131fc56dbe5d2e3eb |
| SHA256 | 70e3bde20af4c0241b47fe708e77c612b75eed67692179114c24fedcbd35e833 |
| SHA512 | dcfb3868b21dd8e177da9c92d042844b45e89902e4284fa582f10fb414253f0b7902f430a593ab936563eabc64aaf29fe6e2a7bd64d720f08f26ef9a3669b430 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 616f7376fe55a327944a4e51d5fbfe8b |
| SHA1 | 2a48cf98a72e7e61540df31747a98507362d3d87 |
| SHA256 | 785d3cf4b14e15ec79aba6a62fe7877539a7a93437f0370999fa4c3bf358d582 |
| SHA512 | a044037fc0d585c323954a0f65606fff3d8728555e1aacbddcc827464a802018dfc99700d720ec1e2af802f2c35ea07f411b2811796e48f1590bc2094224cb11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2af539b9-f266-4b0f-b399-690d6903c775.tmp
| MD5 | 459710cdf18249697aab8be1fd3251c2 |
| SHA1 | 2b43ff4f9e8b19f9a2f05a23ae3cb47ac6753547 |
| SHA256 | b6cf951777f7b5523342d190e20fb18d2550642ba54c25c167528b5caa8123cb |
| SHA512 | 821d01c6ce3254ea7d61af8284b5418132d2307c23648e8ccf350ecf3453343c98bb62cd7cd83e676724c054f6734c02d7dc69118bdbabafde4251ee666b80a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4e3c003ad3cd6c0149463adc1a6b54a |
| SHA1 | 8e8d9a821a314d5cd88375fab4d2e19d7c7fb5e6 |
| SHA256 | ec4dd8443955e8b32dbd7f9a0a1e6fb0081fe450bb548c0843b0da5c62ccce8d |
| SHA512 | a715be40ec76f7ceaa8185c47638ab79ab03fec70801f3720dda55b1c81bf63e3324c44c0f24864e70c313fe4892c8e189a76f2302463710bed440372559ecec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | baaca5ee69152750e8f780cd72f122a9 |
| SHA1 | 23d2a7f6d84c6a506a38d3b99abe16da0bc4dddf |
| SHA256 | 12c99b07afb087cceb9a6dc76316555e91d8cabbc48a6e5c3310b6c9d910931f |
| SHA512 | 80c7ef0fe6e11a859b92ca7e3322dc0bc86617565975174443939a6cce932dcf3a8e900073853b112152319514a2da851a7375084b66d9103881d4e4c2c1f5be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 442ef349a2a53fdaf662062f234e200b |
| SHA1 | 80e1f9c98e046722e6e17e089241e91e209bec89 |
| SHA256 | d7c3f1090440921c50b34791f12dc3b43acf124efb4393b2c65db97434d533c4 |
| SHA512 | 6e2cf6b6457fec5443d64dfdf057ddfb32bc93eecb4eafa516057c58820a924d8fa291ca37ae5324ee84256dca2198c1221cda0f877394aa0a3261b5139cb680 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8303b1148038e005f26443b5810c8751 |
| SHA1 | 889818da98a7490e4516fdd59e07dd4215735371 |
| SHA256 | 9d6b02acb166133a4f76e97a7888775a2d3d3c9536ab67491f9664e19c3be85d |
| SHA512 | 773671838bc0981a0f14db9b871985ffc40c8af0761ee8a9914c25417994e74fcfc90eee4595a3fc6a9be32d585d9995f082348929e69f91f8a8aeca30de86b5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 73df61883cffaf059b507dcd3ed2487e |
| SHA1 | 2a7bde5575486755d073ed6304c7c790a873dca8 |
| SHA256 | 8ca5c8ce88088f38fcd447100a3e4e419c1a5fc2a570b1cf3d32167a0caf5a2e |
| SHA512 | 3d912b9331306ddb6240fa4a3529094ecf8b3100874d32fd3436788efc84ca4cf019954b131c39b05cde2a60870610b13b845f087f5db70c5fe2228a28ff67e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | 835a4158c5a5ccd8ee97c67b3034e6c9 |
| SHA1 | e55b0b656725e9328e2ab9adcfde0477530a761b |
| SHA256 | b9d7fa9f1541c13e33522014249a60bb7dfea68afa616dee78ccd73a501c9b63 |
| SHA512 | afe8fc961b2df9a892c958fcf0205d77b1a310ced71b6f0508bb6d4eaada9cec375346fd164618cdb7b475f6ea8a36c2b596a65950d19f4a1a4a804db979bff2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0
| MD5 | 77679519ea04bcff78638e3142fecb41 |
| SHA1 | 89190dc215f6fc292742fb668a3a45ed03444c50 |
| SHA256 | 1d3ded849d791070382a6462c4531d02313049ff818d05209b9f2a6bea0a1108 |
| SHA512 | 39113b96a00a36ad76f3d626eb063979c70a52efb38073a356a96ac38a0cfadd4f9d30ed913351355518d10e9d2caf998b24d9875a17ee12442b1f424aa38281 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0
| MD5 | 4dc19f7e9d7beb291c52bbede73efa56 |
| SHA1 | 2c834410f57665ccda75f9b9bf4016980088dd5c |
| SHA256 | 08e218b33c01a0fa1353be6e3920f212bfed7a272c6e30046e3c564f434e64e6 |
| SHA512 | f395cbd627eab39805d568174aa13370af01bc87126c8941bb29d42c96e1b8d484dd8e203d28a0e11fe2e51bd6925da1de7e994d549d3b5055ce6dac52b4315a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | 89d21593dfed8e38115227872e948745 |
| SHA1 | 3ad0d13015b51824cdc74565ca9dcbdfd3843066 |
| SHA256 | c1d62ddafbf278492e9d3dfc69f68b8dbd0cbd932ff9ebd9a2d39b984f3d3365 |
| SHA512 | ba532516794a96e493cc645551f16c3fc2d1ea8b2c05ddd5ba245e2cdfe623714fd9bcf11b51eaa308e90ed5f4c5dc37e41959f00efb88ff03b3dea442b2436a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0
| MD5 | f258876922d18a0f85c24fb67298121f |
| SHA1 | 97e7bcd5752ce4d942e2c4e964189e0c1ae30f53 |
| SHA256 | 0c9246e5a35a09c3e604ca495ada458b447088ef1ef7f38150a9c97a44fd7cda |
| SHA512 | 1e2215e14db14e06de35778a9feb8457307db7228efd0262adea2e3b9d303f7f831ea09936789e54a25a11d87102840b34aab2fe1630fc3f50dd1b49213ccb81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0
| MD5 | 5935bc9a7f3668309fd000373172ca3b |
| SHA1 | 19ac1fd552ca252905d5ca3ed897c1522959f309 |
| SHA256 | 4215f5c22572cf24b663d726f7279d0b30b864deda72431717bc23cc9c0d267f |
| SHA512 | 96eff37f01ac79743c772b36061e98d8ff7125b02fb85649f34821a1a8010d99efdbe1e24826a41b29b497a8b238d38db522cacad3e272baccc29f72089bd928 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0
| MD5 | 22de36ec711335614d0de22b0c306c3a |
| SHA1 | 3458d756e94dec1203c3f14e79a69b4b9b7f5ba6 |
| SHA256 | 73bd66adda240ed1d9b68402b3959c5f42d4ac69c1037396c37e808a52a5d56d |
| SHA512 | e6ad54a4d585724c8ed099b370304f6bd3f729dea05f1f6af0a055f8cf8bd684ca2a7b4a63da05a778b54554ec7b2c6301e48b48c1b62a232c83bc7e78a4bcdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e03dad304d02619bf5853dad4de2eba2 |
| SHA1 | c72be9f1ee23fddb32a253d4a000afffb7f6aa19 |
| SHA256 | fdb926a68c4948d914c1ccd8e3c3e38946adba4b4f3cb1052cd33569874f0fc0 |
| SHA512 | 0232471ebb95a9002726e364a457fc15beb872cc2c7372015de0e0333ab6aa49b2f672e0ff70177198f959409d5706be2b1642a677871b7e51858fb9303851bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0aa6e80c1c63152845c02f6e7b9072b4 |
| SHA1 | bda589d2380c411789fb1073305dc34c059bba2e |
| SHA256 | 28813c6a615a7cc841c4c4ac4ed5064dc95955ee806a5ceb36ed5819af330582 |
| SHA512 | 39f83597e050310b7bcde970c37fa45ee84bb26ac54bc3777a59fd62f593910cc6de3c30cd77ed2886b009b5d3c5e12a13f7cb94310f36a03f17c16a3046eba9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b10657a991bbef4e033d2b3a0e9c09ff |
| SHA1 | 7080fc0e8bdcdd9091032f9f0e7db365383ff9d8 |
| SHA256 | 6bd4a61cda81aa91f37faf9ab2776b8c70ba38e823dc7437bf39de9ab0df6f3f |
| SHA512 | fca7b9b855eaab553c8c4fb4f2bde8a88bffad8771c1da840263383d66e4b3f86521fcd0e650209e2edab3ae9da1080ca6d59ccadf37bc68587bbb4b2d3f4312 |