Malware Analysis Report

2025-01-18 16:15

Sample ID: 241214-fvxtzatmhy
Target: http://wearedevs.net
Tags: crimsonrat, discovery, execution, rat
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://wearedevs.net was found to be: Known bad.

Malicious Activity Summary

crimsonrat discovery execution rat

CrimsonRAT main payload

CrimsonRat

Crimsonrat family

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 05:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 05:12

Reported

2024-12-14 05:15

Platform

win10v2004-20241007-en

Max time kernel

170s

Max time network

170s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://wearedevs.net

Signatures

CrimsonRAT main payload

Description Indicator Process Target
N/A N/A N/A N/A

CrimsonRat

rat crimsonrat

Crimsonrat family

crimsonrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\CrimsonRAT.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Memz Clean.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 523980.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 295771.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 809927.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Memz Clean.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1480 wrote to memory of 3644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1480 wrote to memory of 2536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1480 wrote to memory of 3212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1480 wrote to memory of 3752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://wearedevs.net

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf1746f8,0x7ffdcf174708,0x7ffdcf174718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7612620262939434008,6172561542346791402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf1746f8,0x7ffdcf174708,0x7ffdcf174718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8

C:\Users\Admin\Downloads\Memz Clean.exe

"C:\Users\Admin\Downloads\Memz Clean.exe"

C:\Users\Admin\Downloads\Memz Clean.exe

"C:\Users\Admin\Downloads\Memz Clean.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "

C:\Windows\system32\cscript.exe

cscript x.js

C:\Windows\system32\cscript.exe

cscript x.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "

C:\Windows\system32\cscript.exe

cscript x.js

C:\Windows\system32\cscript.exe

cscript x.js

C:\Users\Admin\Downloads\Memz Clean.exe

"C:\Users\Admin\Downloads\Memz Clean.exe"

C:\Users\Admin\Downloads\Memz Clean.exe

"C:\Users\Admin\Downloads\Memz Clean.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6284 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,12356957201998644530,12245501003953686170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8

C:\Users\Admin\Downloads\CrimsonRAT.exe

"C:\Users\Admin\Downloads\CrimsonRAT.exe"

C:\Users\Admin\Downloads\CrimsonRAT.exe

"C:\Users\Admin\Downloads\CrimsonRAT.exe"

C:\ProgramData\Hdlharas\dlrarhsiva.exe

"C:\ProgramData\Hdlharas\dlrarhsiva.exe"

C:\Users\Admin\Downloads\CrimsonRAT.exe

"C:\Users\Admin\Downloads\CrimsonRAT.exe"

C:\ProgramData\Hdlharas\dlrarhsiva.exe

"C:\ProgramData\Hdlharas\dlrarhsiva.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network


Files

SHA512 889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 483898f23e7d0c775d0351b3d178d2b3
SHA1 f1e5e77c5789fbd3e6883e2c278daa21c816774f
SHA256 ec605fff44ae9131a89c6d0f8672ec18468de69df169a1ed039cbfc180706551
SHA512 815b575e1e94b2145cc5bc422a9e04c91527f270af9ef7e789777bfa3e65c0c71d4e506a20c287e8d4be3130b6723c314eacb6c156e8f9718ad5a9af8b44f45d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 1bcda9c37fab25241badff7aaae1d665
SHA1 c68426f9554dbfdc6a77112bd80f9f81b2f3ed7f
SHA256 02b262f3860149623faf0942bb1a0bca438f8134deba14fa7ed4663f12f0135c
SHA512 b0536a07cf276d65e042a9d9741205ac39d7724fcab9a8b2b8e8644b037d0c863d8311e1c82bbdeb81e8718359624f7df90c42f81b2efa81f01050531e62c18c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 9ea6317695a411987c87416e61d4626e
SHA1 b6d32bd4dcfbb3f35864087e93e47d2b5b7dd2b5
SHA256 0f90f345d9a21a882a7ffd2ccebea8d19ebf659e06e260ec89a57b591b8b205f
SHA512 475a75a734988612b39139e944a557ca3324191e8de9ed60dafcc9556caaf99ae00052c8283e9f74d8b7c076986ebd28aa0382d3757fa434530690197918c324

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 79ec46bcb4513ace172d064497bcbc9e
SHA1 ce23d0541e768c5e832edfb5780a6f270afe3ddc
SHA256 c9a52c5d339fd8916345812028a2e8afb2fe1306ed691d025ca4b18efe1425a8
SHA512 4d570a84305c1a8d2c0021ca91a6decc9c6d38953dd17d657326a898467a0605b0b94ac3fe51aeb56dc497e5f1daa583beb4819c14e9efd7392a645292d44d57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 f8dccdf3e674734ae1348090a6600a49
SHA1 8c132338991f85ddc174d6cab3b646380adc20d5
SHA256 ccaf90b817174f7276b932dd6bca56622ba491417881ff23fc2ef611a6eb2486
SHA512 c1be9c85a840f2779834cd6a503666ed7927182ab3bf6bcddd791805c0299bb74833417dc8fa5735c248542d9740733b8d81ab4f8f2e4195ecb38793f26aab71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 ca5d22dab28181a9311f35f0cd6c34c5
SHA1 1dc9aecd81b5f220866c79751d671ecb183ede60
SHA256 8273e348759023f3e9df581caa9e7734c84c37a5ac2e95b0f5d9b9d65ccaca65
SHA512 409ce830cb576f3871bd0b7fade666923f33484bcbaf70942816212c81490ca5994db992d8c87fbf7d0a84e45a8b0111c5d08a89e168c8f415f34cda5f58ec42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 bee8e2cd1e0ed183be29fe09e9fc6c95
SHA1 090f3ab550aed7c04b05e15ce74c4a7fb18ed248
SHA256 94e69f76e65916fe7d7cc217a08de382888d351b911e545a7d9679db34074c72
SHA512 2e79ac01fdf68b36f20fa7dbf88fb11e723ba812d01c10d09df2dbbdb3dad10253f3cbd41d8f84d12ffa55f97d645df3033b4417cba2b6db847779571c42b806

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 34266bd001f55b78925e5fa2f38dd763
SHA1 e02d44e8e9b05bc9842c3fb319be8bff10bd0081
SHA256 99a6aaf06933d592aabce042783893ef22a343b872610b14bf9e573912fd22cd
SHA512 69a0e720db1650fa2b54e57f8eac3fc5318ba9b3bb6f1c511de0c485fee606c327703a216a843fe7f44d83f39d62de74292e6fb1910d8af271e5c75b72aa66b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 8fab2bf7c02221133352d7b5959e70df
SHA1 4fb737a0bb7d369998a7914409a28d5cff1baada
SHA256 35f4c043c49f3514a95fb7aacb92ec74af585adc28e9dfe010716e1d61e247cb
SHA512 5d0f492c36d5bb3a537c55c29d24ed671f22b16cb4d18465bd4452217bed1075fd008dbc557024eb54f8a818590e553c0cbb82c7c2e322ea2ef8606faccc3c3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

MD5 947c8e0e4db7b24e23364ce35287539e
SHA1 7e101c06d1daa0f5454495adfcb094c287728733
SHA256 10958e3f1428f63b9309eb25a6a924081333297e7cb645b801dd45859ff1681f
SHA512 db3fc77159f8dca9bd8740f0089871509c21f224dd22906eceea60e6d6dc36169eb3f2e1fc5d6258aa40003be81ae5f3482d331025702afa718c6ed7a0a652e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378626743096068

MD5 108363ad8236aaf9b0170fb5c7ddf56c
SHA1 7dfb7ec1ca09d7ace3df4751642cd86091f23cbd
SHA256 7583982fe1a26b03fa25c4d6d2eadbc708914dca9103482d3605afad865e3588
SHA512 22d05efd14140ecffc33228445201dc3ade459b6f03376ba116f3c932ac9a4d15f999acc61a85736eb313694f2e65c74cbf63759738fcdb702b9619b0dcd59d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 187b771a62c778fc3034025fe30fdc13
SHA1 aa2ca1b73bc2275eb32fb38798b91e9bde61b904
SHA256 9993d27b3ca5c64fbe018151ae198d49b3e0d12bcc6cfd1dd0202d2d30a11629
SHA512 526f9bea3262dbecd404d7d589e0e56be79e70d80ec832eff29d0d1a88e59bfa9f25da9a973dccf04176b315a642eed60f800b4c45d1ac225fc31e64e3599c9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

MD5 aef2484b662c9af766d8aecbef5f483c
SHA1 190f0a82fdea6da1dcb45b9ff44559b755d64c43
SHA256 2246b3ab57f55f307bc2ebc6ccd25dc49559ebb2cbeffc1bf23b37b14fa925ba
SHA512 ece5ab79399a3349c6a2b38ae6a38962f4b0871cacd66ff8c74349bac0b557610a9f48fac95849c048036574812fc700b0b5ab9548cfe341aa4bc0505854d9ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

MD5 031d6d1e28fe41a9bdcbd8a21da92df1
SHA1 38cee81cb035a60a23d6e045e5d72116f2a58683
SHA256 b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da
SHA512 e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

MD5 2b432fef211c69c745aca86de4f8e4ab
SHA1 4b92da8d4c0188cf2409500adcd2200444a82fcc
SHA256 42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de
SHA512 948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

MD5 4966cd97f0f818cf8d4051dbef9cead7
SHA1 686150fb346d5e77af73f4952e5b6556854d1898
SHA256 6d10a01202ecd3a74b623d7dc71a427f9d458803d031db5b0c52d9bbdba6a0e6
SHA512 c0bffff920db6668edb8474c48ff74eeee5b9afcae6466587973691b00dce4455d38d630c46e1424e815d90bea7da70503c0cc3a009bb391554ee9d12fd30f0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

MD5 cf4b0a74bdc68a111bd7ccbd8569daa5
SHA1 e567e83b8db5476018dfed63802d0f60690c8139
SHA256 f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d
SHA512 4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 ab8ce102e0f590728bc26d9ddb499ca1
SHA1 4de1f9d5deedbbd1bc1bf9a7af23d287f409d858
SHA256 65718eb82728a5dadc22c60581cab64cd9d409c447abb276fc9f9d0478e799dc
SHA512 37c4a21a16fd02d2263a628b3d438163fa495adf03816d8e865574893e0555ed4b775d68fa100fafee966d8702185409d34800f24640b3940a40940f25a38aa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 494f1b7b9fbbd853c0c8664bd2124b52
SHA1 439d99b4e460c260a82dc87bd51746bbee8d7f84
SHA256 9e7b73c91b8f5ac770c99f5274cf55f482bca75a589726a87831ca5d0a240c3b
SHA512 659225f11400f732960b8fba4005239315ee23f70e1c1ef719312075d5eba359d702e2947d66423b818087d175a588f77b72c45da6ea23b643ed0c159394a8ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a89919d344d4ec5d641db652ddc18804
SHA1 a3306a8036e2c18c7c240fc8e3ed3956f74d7f9b
SHA256 cc9964201d1319e47a5d53b18088de3c19cf2916a35b287fabbe818707e8c7db
SHA512 f888a14d1f63a3aa860ab23308df7136af0db4503df04c5229f7ab2741e38c61e05d04d47e21a877bafd59cb0995481934f18088c8790971782f1bf448376694

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8985196cfcec22a7b00cd2e4e894359
SHA1 71893d581d9a6d305b674e0aedf14db9e95ab9fa
SHA256 12bce74234581a2ae85e3a04b02a5f7e185884e66842358a536e1cfc7122dae4
SHA512 41e0e465e34efbe33c9606276c09ab46fc232adda8ce61b9d7549d8b8c609b1c9a219a49c803ae15755bebe1e759eb3cef34775cdec76df2f602ac665345e84c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 b275fa8d2d2d768231289d114f48e35f
SHA1 bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA256 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512 d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8696c686510de5f015577c47e1edefce
SHA1 a7ec865abb2ba0b3a2b45c6c39cc392dd63108da
SHA256 6987a4ae1cde8fa1df3bc2f0229bf1dc6bb8beac7e05f48d9792e72de1b39868
SHA512 c333807648e3bd1f2ec9fbb59972723331c8d3e394338ef82b3f7f516b3ea9dab27f8f34dd9dca84b91915f9af7ca9e40e113cdd615ed372490e25b417300f00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 442f75993b5cbd270c2d7fa18c108f62
SHA1 a8079fd675216c394873b8b8ec8e21faec3b32fb
SHA256 af4e5e002a98a48131a443be2617fe6c6812cc3a73bab6523dcfd4ebd0baa9de
SHA512 c3fc395b4bea22d0ce1b4f02d0ed723ad683cffeedbb773dee6fcd319da733eeca936546c2e9a02a233ca3ff336f78e191e9f497d9a9fb10d27aa271bb5cc4e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2138cd20e5adf08e2bc65e2e94528311
SHA1 5d1205c74868021a1618d1175c4d6b6a4bb10c1a
SHA256 70feaf9458cbf78a08ae9829d29d50cceec841298a26ebfccb189617bf3a0ef9
SHA512 e9d912e1db761d74f4ede3457d2862e83eb346ff68509e6c65e0055b81a42269015cc6fcb3c66d582db612d9c69e8fd0c22d54f8d6509f036346163a3f5b41ca

C:\Users\Admin\Downloads\Memz Clean.exe

MD5 9c642c5b111ee85a6bccffc7af896a51
SHA1 eca8571b994fd40e2018f48c214fab6472a98bab
SHA256 4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
SHA512 23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a28ff2616910166bff24cabd064a819
SHA1 f20340ab4ee40725c0d15fe023a81466ef5a70ac
SHA256 c04aaca3aaff27796af9ecf727130a25cfd9b4f063bc7d577fba1c3807ede5ab
SHA512 2453b421c8288af0b62972a1408518c5d36f003522d8b7916baa85aaca92ddf8096f108e7edde918d4fa482310e034a99bab7c7e4dba97786d813a0a3b22b1e3

C:\Users\Admin\Downloads\Unconfirmed 295771.crdownload

MD5 bbae81b88416d8fba76dd3145a831d19
SHA1 42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
SHA256 5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
SHA512 f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eb2ed7306280a26e525cc3c2711dc1f2
SHA1 43fdc224df8c5f080e1b617d51f088b1c82b991f
SHA256 cba45b78529d83789ecbb39f664ba88623a92a00c19190f945df2c3ef982decb
SHA512 0902eb058069293c60d907692cbc4b3cf07a9da3d11a3a212868a6a178471b7e6e2555c159ea06d70d55cb604c83b8d7228fe5056bd6d669b8f12fd364053e07

C:\Users\Admin\Downloads\x

MD5 4b3df13992e0396b7c177e92f1681d51
SHA1 c83ab930eddb5ba3ce11e6639f78c7ce2ae90644
SHA256 9b724672ccbf94154d18a0a1101ae6665166c420d9f373bd22c2f3fea41f043d
SHA512 58024fc8bfaa93b9b58c6ef86e8056658d62dcfe74e914e177a3c25901ba8b2a094457b05a860cb52f741d2df77858998d0e06f6c83e1666b9d158b2dce1921a

C:\Users\Admin\Downloads\x

MD5 c8b5f2f4142f90cfc7911d5ee3b345e3
SHA1 4123baaecdd2c5feba84b84b136bd872a0556cda
SHA256 b1583f16ee73fd3b1312715dd9992faa585af067ec70f0533e8ddd2d42628039
SHA512 e2a801c0ad2756933dc001851ba81ca8ab330bacace029a5e4347a6d500f30fe05c3153f659ed60cc360c7525c6ac2ad9f7cbeb1f179f5c1eb29d191e5b06e95

C:\Users\Admin\Downloads\z.zip

MD5 30d1acb1841cca5aeff2c8ce3b7bdc97
SHA1 30e21e89234bc4bd6f3f70acb5ec355dddb7df23
SHA256 857d85ec4b7da0c1e482d7efe75a302fe3ccbc00ea332fdfa206b40a6e2050cd
SHA512 2601feb6c87209d74c8a3583c8f60b98f1afa028726d13c37c9194ce06f32d9de1101a2cd0aede7ba3549427db498a969b2f59c23c25d88737ee205dc1287573

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7bbb9b8ae5ad948a872d6453a52893d
SHA1 cb4499537c5a22c46231fd8f25dcccd62b9fc9e5
SHA256 dbc5bde286d55faf3c1e55c298216e46ea1cc7a3917b9bbf5dfc6679f5b58690
SHA512 6f7717a6424aa55dcd108c7f7e69432ea69617ee1708c5191eda44824c6763abace15334e741a4e18d759775aeeb9ea0138c5d2ea2eb8dab8e848062b62013d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4d1f0167d579eed1b7c4d320a6ad64b
SHA1 e21fcc8966e2224aa483e2845616d1d749139fc8
SHA256 4d838ac2c206c151debfa5e021c060ba1168c19eaf95f1a3c62b32e247113e5c
SHA512 8c3a0fdd8ddb65c0059f333567f4e089a79178ed978c6e6f7adf13fe6ab1e33cb3375c6ea4a9b438134b734df76c4e3fe1ca03e471e732597aee266459da5f5b

C:\Users\Admin\Downloads\x

MD5 ab28f43718a2775c4284f081203014ab
SHA1 d885a4fe26da9ec53a9ae492ea807d21701f21f0
SHA256 5b592b279c15ab6a51625c8647a3856fdfe33ba3522e8405417f966e2078c382
SHA512 0dd53ea60ef73c1f4333846ae10b8f54265480dee5446da83240be8308056738056dc194e932cb4c40a1ab5720e07e2a275dfb1f8c6a7088be0933e8a797f9ce

C:\Users\Admin\Downloads\x

MD5 4a9f8144ac3f5684adb6f6651cfbdead
SHA1 1010fd7a7db21693cb3f80dccc1eee2bbc0538a8
SHA256 37be649c17026f0ce651c6a059462e2c6b01ecc867ae1872f5189f4989718b55
SHA512 f80b955918c36db123954e67b9faeb3dc22db46b09922d2ac053b0ce878870072278c5162cafa3f34032a1eb8edf82153b5b971cf63cd382963c86dee6015f5d

C:\Users\Admin\Downloads\x

MD5 5ce1a2162bf5e16485f5e263b3cc5cf5
SHA1 e9ec3e06bef08fcf29be35c6a4b2217a8328133c
SHA256 0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43
SHA512 ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

C:\Users\Admin\Downloads\x.js

MD5 8eec8704d2a7bc80b95b7460c06f4854
SHA1 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326
SHA256 aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596
SHA512 e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

C:\Users\Admin\Downloads\x

MD5 3d7ecb61f95c33e66d3e42fc400b6ce9
SHA1 2e816a2d78b25940f3a2c5cc5c80fd50c5b369b2
SHA256 e8864fe563103df116e28aced21f113b5c36fb7f3048056673436fdd28ccc6b1
SHA512 bba9f827f20162eb357fbbc86db4fbfa1bb73e3e9d902a8f0017af4ae5f4e8df58d0108a4efbc71d00f61a595cc3aaaa8823c1c517c92a5d27076d5bc5422769

C:\Users\Admin\Downloads\x

MD5 9ada52a951330f55a7eeed735464f140
SHA1 57977e905089aa9b524c19f06da15e20c884c824
SHA256 9d9bf800a69f503fa92dd006a51bc00669be6d5f324d0329f9845038eb8c59b7
SHA512 9db7f81bf20483859d7776b533657c055934d6187ef9b100064369210b2d037ccbfdeffe29213414d979b82556d106a1e4c782ec04ad7b6274b14fc54d73c3f0

C:\Users\Admin\Downloads\x

MD5 636675d7b05ec7ccb7183303edaec334
SHA1 9ee6fb2f2fe96e90e164ddd9f1e891caccf97fed
SHA256 c02614dc17409f3d99bb4db8bbfb050a0d5ba3ea91413e5eed61f361973ebe5f
SHA512 042bd23d0c2fdd0f6497d7cea53b185177a6a049c72e805357bedb09db9d3d9063ced760fa9222c922ca9d394af1dabf74075d3c46dda6b6cccf598970cd02d3

C:\Users\Admin\Downloads\z.zip

MD5 93626f75690204826c23aecaf329a69e
SHA1 ee50c26c9609413b213d1e4b326b0b2e2f873b3f
SHA256 38699aa94f88df52f5ea924174a2ba0ac2e36fd0beb0184afeadf4b400c1d73b
SHA512 01d0ae02688245d60b408a260f955c1fc1e5eb74aa905c3c8c069e05d397d3e1dace37ce54fa7c33ab3f6c33969fa308bfdf89717060dee4b9636b281f2452da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4f46248350d6ccfdafce9e408dbe9741
SHA1 74e1f3ed0eb90d9438579ef285270331b71990f8
SHA256 9c50f8a988246651c29e6d25410642c1c8a6dd6b58461bf08c8322d0f2a2e683
SHA512 77e13b9cc421814ba35a9f5d069a1ffd84fd6bcf9c9b33be369b53b4bd99ce313970e4c11a802caccddfef5f2b254d646f978f281a3e6e4525865a90b33d8a0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d0a5760a93f1dd0f0f59d779d0f5d4d5
SHA1 49b736ad05681e498110eb3cd618402afc48b2c0
SHA256 fb983ebf1b3f3a82581e107da466d21320f272fb08f78e1003362e95d7322833
SHA512 24621b228c87e6511022e6d4a7c943572fad88d13b6e545e73a7bc3d3287347b208b4a9f176b61de09960513628a6b42e3c7e0e2a7f26c2fcdbaf961862affa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 0d89f546ebdd5c3eaa275ff1f898174a
SHA1 339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA512 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 5dea626a3a08cc0f2676427e427eb467
SHA1 ad21ac31d0bbdee76eb909484277421630ea2dbd
SHA256 b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6
SHA512 118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb8f2982a2ff9d2cb88fd58f6b8a8f6e
SHA1 5f346841314fbeb321cdf2c9e8e83e8e055deeed
SHA256 f6580046397a42178e35e9c4eff8e9868234b643b0b1513dd170cc8d4c298ea0
SHA512 f2d65fbf012ec26cf5ff4250cd8db0f9cd4c1369d8f3b811856e90c59380d29719551e5026a26b2b51d5cf69be88987bf15516e7e6fe53cfe05b322f5401005a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 18a9531f05f4a3662558d102349767b1
SHA1 328114b78180b5931d651669bf0b21d3a5cf8adc
SHA256 2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716
SHA512 b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a52ab73037227fc6bd75385a1cd432be
SHA1 7acfa02863285ad3a9925774fddae934dda9a2e2
SHA256 3f551e69b4ba73136abf628bd44a29dace9add624e05b9867e97f0343ffbe97a
SHA512 b19c251bc9129cf91657c785706b736964c96dce403deba942c464e1a5ca56e4d7ade554ae0dc37439fa336c4662e1ed63dea2f086804cd4150b6585aa81bf14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d0299a2d061508dee0aed2087014a583
SHA1 60830c139b1d36103ec8b4048c128c4d0bb3c73c
SHA256 23d834ae30b79e40c9cb1ded9040ac45509e40ddf04768f0faed7f6d0ddd4d46
SHA512 af53863a9150d114be521117afd6442fb5cdaa8398e7462614164ac2817ebac3bedd03b39fd8fcf13bfc07f15254eb1f26b8e93c675834b22c1ef35fcf6f8e98

C:\Users\Admin\Downloads\Unconfirmed 809927.crdownload

MD5 b6e148ee1a2a3b460dd2a0adbf1dd39c
SHA1 ec0efbe8fd2fa5300164e9e4eded0d40da549c60
SHA256 dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba
SHA512 4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

memory/5336-1654-0x00000180B2AB0000-0x00000180B2ACE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f07a4aebc88306aba07b2125cda4cf52
SHA1 a8d1c563e9d8f7b4353621cb189b2634c800a736
SHA256 d91b3212cee39d963e8a2b24182c041e0cc070a5fce90f1e122820c54fb4eac6
SHA512 2fd5e74ee8fa0f0b61754c87542363515ddba224730ced918d69838402ee75b9d254108151a9b056a9122cffa4bb759da39fd48d327fdedc86b5e8629520dc54

C:\ProgramData\Hdlharas\mdkhm.zip

MD5 b635f6f767e485c7e17833411d567712
SHA1 5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8
SHA256 6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e
SHA512 551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

C:\ProgramData\Hdlharas\dlrarhsiva.exe

MD5 64261d5f3b07671f15b7f10f2f78da3f
SHA1 d4f978177394024bb4d0e5b6b972a5f72f830181
SHA256 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad
SHA512 3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

memory/4896-1703-0x000002AFA7B90000-0x000002AFA84A4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 801abcc55188b4333a9b4648f4de0ee8
SHA1 26ef769b152ca3fc436766e1efe60f0cc84c17cf
SHA256 e449f24c51c1565edaa25f510d78c19804a1bd0fcbc1e33749a931fb5cfd5d0f
SHA512 2f955f62c31ed82d38ddcc9ef3c1a7b3ecd7ea91ca5581700d4594ceff15703a6c5e5a3e883d03ecd09ceb50e2cf0ac17d3ace464a0d915d7c2742de6ec72a7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ac5fcd33fd50beb8a9528485d4b8f3b
SHA1 890a7ecfd42d61d224e4ccb6ee42b5c6ba78979f
SHA256 f867e9f475efd9e4cedfd68dd3e4e0ea6c3f4aa5de617ea163f3addfd949aaa3
SHA512 bfe546125125a1242d7a1e780e7f4c843583ffb09e3436a55c7d148b2ddac508d8fbdc0c06256d0a0b3b8ef3cfb4eac41b3c5aaa37ccc44696c3cfa0a462c6b6