b162f02efbadb2f5d6fd7ec434eb830d6f420aa92a530ed8afc874fb1eef7568

Analysis

max time kernel
64s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
10/09/2022, 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

doubletrouble.exe
Size

6.9MB
MD5

6d75553fa1aa48cc40d34123382f43fe
SHA1

75909fcdcba065a23b9733b8c13ab10bb0bdb8a6
SHA256

b162f02efbadb2f5d6fd7ec434eb830d6f420aa92a530ed8afc874fb1eef7568
SHA512

4f696881ffa6bd2e4aac58f8e1171121b3bbe82911cc7737d8c49ffbe9192a09c706ca51a618af7be53c7ee5135a06778795e9f265829bb7fb0bab69d804db92
SSDEEP

196608:0YwZPL2Vmd6+D/Wc/f/+SNEBqglXJFf35AP4UC:hIL2Vmd6mOc/eRRdJFuhC

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 19 IoCs

pid	Process
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe
2588	doubletrouble.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
15	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1348	412	WerFault.exe	110
5444	6324	WerFault.exe	322
7852	7468	WerFault.exe	352
7316	8180	WerFault.exe	368
7428	5620	WerFault.exe	372
7912	7944	WerFault.exe	386

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchApp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchApp.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
2668	taskkill.exe
3224	taskkill.exe
4036	taskkill.exe
2080	taskkill.exe

Modifies registry class 35 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	cmd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1071"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1071"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1071"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1038"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1038"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	cmd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1038"	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3752	msedge.exe
3752	msedge.exe
2528	msedge.exe
2528	msedge.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2668	taskkill.exe
Token: SeDebugPrivilege	3224	taskkill.exe
Token: SeDebugPrivilege	4036	taskkill.exe
Token: SeDebugPrivilege	2080	taskkill.exe
Token: SeDebugPrivilege	6296	taskmgr.exe
Token: SeSystemProfilePrivilege	6296	taskmgr.exe
Token: SeCreateGlobalPrivilege	6296	taskmgr.exe
Token: 33	6260	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6260	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe
6296	taskmgr.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2552	OpenWith.exe
2780	OpenWith.exe
4332	cmd.exe
5988	msedge.exe
5512	OpenWith.exe
4852	OpenWith.exe
2780	OpenWith.exe
5216	OpenWith.exe
5792	OpenWith.exe
6740	OpenWith.exe
6288	OpenWith.exe
4204	OpenWith.exe
4180	OpenWith.exe
6720	OpenWith.exe
6280	OpenWith.exe
6672	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2588	216	doubletrouble.exe	86
PID 216 wrote to memory of 2588	216	doubletrouble.exe	86
PID 2588 wrote to memory of 3784	2588	doubletrouble.exe	88
PID 2588 wrote to memory of 3784	2588	doubletrouble.exe	88
PID 2588 wrote to memory of 1512	2588	doubletrouble.exe	89
PID 2588 wrote to memory of 1512	2588	doubletrouble.exe	89
PID 1512 wrote to memory of 2668	1512	cmd.exe	90
PID 1512 wrote to memory of 2668	1512	cmd.exe	90
PID 2588 wrote to memory of 3732	2588	doubletrouble.exe	91
PID 2588 wrote to memory of 3732	2588	doubletrouble.exe	91
PID 3732 wrote to memory of 3224	3732	cmd.exe	92
PID 3732 wrote to memory of 3224	3732	cmd.exe	92
PID 2588 wrote to memory of 3700	2588	doubletrouble.exe	93
PID 2588 wrote to memory of 3700	2588	doubletrouble.exe	93
PID 3700 wrote to memory of 4036	3700	cmd.exe	94
PID 3700 wrote to memory of 4036	3700	cmd.exe	94
PID 2588 wrote to memory of 5088	2588	doubletrouble.exe	95
PID 2588 wrote to memory of 5088	2588	doubletrouble.exe	95
PID 5088 wrote to memory of 2080	5088	cmd.exe	96
PID 5088 wrote to memory of 2080	5088	cmd.exe	96
PID 2588 wrote to memory of 4312	2588	doubletrouble.exe	99
PID 2588 wrote to memory of 4312	2588	doubletrouble.exe	99
PID 4312 wrote to memory of 4164	4312	cmd.exe	100
PID 4312 wrote to memory of 4164	4312	cmd.exe	100
PID 2588 wrote to memory of 1880	2588	doubletrouble.exe	102
PID 2588 wrote to memory of 1880	2588	doubletrouble.exe	102
PID 1880 wrote to memory of 4720	1880	cmd.exe	105
PID 1880 wrote to memory of 4720	1880	cmd.exe	105
PID 2588 wrote to memory of 692	2588	doubletrouble.exe	107
PID 2588 wrote to memory of 692	2588	doubletrouble.exe	107
PID 4720 wrote to memory of 2532	4720	msedge.exe	108
PID 4720 wrote to memory of 2532	4720	msedge.exe	108
PID 692 wrote to memory of 2528	692	cmd.exe	109
PID 692 wrote to memory of 2528	692	cmd.exe	109
PID 2528 wrote to memory of 412	2528	msedge.exe	110
PID 2528 wrote to memory of 412	2528	msedge.exe	110
PID 2588 wrote to memory of 5096	2588	doubletrouble.exe	111
PID 2588 wrote to memory of 5096	2588	doubletrouble.exe	111
PID 5096 wrote to memory of 2676	5096	cmd.exe	112
PID 5096 wrote to memory of 2676	5096	cmd.exe	112
PID 2588 wrote to memory of 4256	2588	doubletrouble.exe	114
PID 2588 wrote to memory of 4256	2588	doubletrouble.exe	114
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117
PID 4720 wrote to memory of 4288	4720	msedge.exe	117

C:\Users\Admin\AppData\Local\Temp\doubletrouble.exe
"C:\Users\Admin\AppData\Local\Temp\doubletrouble.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\doubletrouble.exe
  "C:\Users\Admin\AppData\Local\Temp\doubletrouble.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c TASKKILL /F /IM chrome.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1512
  - - C:\Windows\system32\taskkill.exe
      TASKKILL /F /IM chrome.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c TASKKILL /F /IM Discord.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3732
  - - C:\Windows\system32\taskkill.exe
      TASKKILL /F /IM Discord.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c TASKKILL /F /IM Brave.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3700
  - - C:\Windows\system32\taskkill.exe
      TASKKILL /F /IM Brave.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c TASKKILL /F /IM Steam.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5088
  - - C:\Windows\system32\taskkill.exe
      TASKKILL /F /IM Steam.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4312
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:4164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:2532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1513481325044987632,10880252304043912970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1513481325044987632,10880252304043912970,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:4288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      Enumerates system info in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:2528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:412
      - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 412 -s 1264
        6⤵
        Program crash
        
        PID:1348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        5⤵
        
        PID:2668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3248 /prefetch:8
        5⤵
        
        PID:4156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
        5⤵
        
        PID:4752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
        5⤵
        
        PID:752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
        5⤵
        
        PID:5156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
        5⤵
        
        PID:5320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 /prefetch:8
        5⤵
        
        PID:5368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
        5⤵
        
        PID:5640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
        5⤵
        
        PID:5832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
        5⤵
        
        PID:3908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
        5⤵
        
        PID:5592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
        5⤵
        
        PID:6132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
        5⤵
        
        PID:5752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
        5⤵
        
        PID:2404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7640 /prefetch:8
        5⤵
        
        PID:4312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
        5⤵
        
        PID:1840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
        5⤵
        
        PID:6360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
        5⤵
        
        PID:4432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
        5⤵
        
        PID:6548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
        5⤵
        
        PID:7080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1
        5⤵
        
        PID:4160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
        5⤵
        
        PID:6016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
        5⤵
        
        PID:3864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10508 /prefetch:1
        5⤵
        
        PID:3500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
        5⤵
        
        PID:7156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11536 /prefetch:1
        5⤵
        
        PID:6252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11720 /prefetch:1
        5⤵
        
        PID:1240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13957916310471300152,11548282995548719921,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11932 /prefetch:1
        5⤵
        
        PID:5372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5096
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:2676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:4256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:1804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:4272
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:4164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:5588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:5760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:5852
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:5928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:6128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:4016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:2956
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:5392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:5568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:5332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:5788
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:5960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:5612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:6124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:5328
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:2280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:5368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:5720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:5820
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:5528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4332
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:2148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:3808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:6176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xf8,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:6252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:6504
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:6588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:7088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:7100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:7140
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:7164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:5860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:1572
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:6764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:5028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:6992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:6744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:7036
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:7128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    - Modifies registry class
    PID:7164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:3732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:6256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:3712
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      Modifies registry class
      PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:7048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:6752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:6000
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:6988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:7156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:1020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:2704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:3972
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:6768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:4000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:4864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:3616
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:2968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:7088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:4316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:3312
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:6272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:1572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:1204
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:7068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:2996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:3524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:5460
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:3892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:6596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:7012
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:4264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:3540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:4356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:3856
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:6552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:4804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:6788
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:6936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:3460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:6964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:6920
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:6800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    - Modifies registry class
    PID:6988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:1520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:3516
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:3676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:1956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:6292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:2240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:4356
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:5936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:6408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:7072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:3920
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:4812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:2240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:5844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:4616
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:3120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:6324
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 6324 -s 464
      4⤵
      Program crash
      PID:5444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:6184
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:4264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:1520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:3476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:6964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3718875797171054678,13194600491255045909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        5⤵
        
        PID:6960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3718875797171054678,13194600491255045909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
        5⤵
        
        PID:7064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:2352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:6816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:2704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16768157907026502392,11906613938221669831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        5⤵
        
        PID:4228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16768157907026502392,11906613938221669831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
        5⤵
        
        PID:4496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:4664
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:5620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:7336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:7448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:7468
      - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 7468 -s 536
        6⤵
        Program crash
        
        PID:7852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1690356165262572857,10327005043432519733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        5⤵
        
        PID:7712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1690356165262572857,10327005043432519733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        
        PID:7724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:7480
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:7524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:7880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:7900
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:7912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:8052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:8132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:8144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:8160
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:8180
    - - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 8180 -s 1004
        5⤵
        Program crash
        
        PID:7316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:2012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:5620
    - - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 5620 -s 364
        5⤵
        Program crash
        
        PID:7428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:7344
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:7408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=2lrzVzqCJ0U
    3⤵
    PID:7812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2lrzVzqCJ0U
      4⤵
      PID:7556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0xf8,0xfc,0xd8,0x100,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
        5⤵
        
        PID:7736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6119851776907464935,6527866733393884620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:7980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6119851776907464935,6527866733393884620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
        5⤵
        
        PID:8020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6119851776907464935,6527866733393884620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2184 /prefetch:2
        5⤵
        
        PID:7944
      - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 7944 -s 220
        6⤵
        Program crash
        
        PID:7912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6119851776907464935,6527866733393884620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2720 /prefetch:2
        5⤵
        
        PID:7900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c calc
    3⤵
    PID:7524
  - - C:\Windows\system32\calc.exe
      calc
      4⤵
      PID:7300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5512

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5792

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
1⤵
PID:5568

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6720

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6280

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f70a46f8,0x7ff8f70a4708,0x7ff8f70a4718
1⤵
PID:3460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2352
- C:\Windows\system32\calc.exe
  calc
  2⤵
  PID:764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6568

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7260

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7740

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 7468 -ip 7468
1⤵
PID:7840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7988

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 8132 -ip 8132
1⤵
PID:7244

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 564 -p 5620 -ip 5620
1⤵
PID:4508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8032

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 560 -p 7944 -ip 7944
1⤵
PID:7936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
c4dc0ac9fb993372b0513c0cf4df455c

SHA1
404ad8cec4f55ebf49f1ffc9b3570a4ce83b0a1d

SHA256
c1b4b7505eb5c2c2e130962824c10f4ee0f7aaee565f487092efcf38c16fcf98

SHA512
208f49657b2a9be7ca3f98fa61100b92a0255113c801ecee88d6416ff30881081a61bd89f2d1c368d88a7b3da1aad669d99a29036d8dd888a072f05f7817b3e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
412B

MD5
4602e0d173f48547311d5f157cf5d6f0

SHA1
5d6f5d59448e18b075687764978d92c49bddf707

SHA256
3fe1a57c857c80df2fbffb9d5a9df5e78fd24e70e68f6f0f7d9f8929fe2a59fe

SHA512
312ed2c4e9530085eb175c9c9585d1bd78ca261c9db9d855c149b1f7d48c36c8e4eef82bd82bf1de710ce6e79824102949c4498387ebda46b04297b3c8dc7bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66bc9611dd085dd5e1366c94b84456cd

SHA1
613339f5891bf2c9e54ef565c54eb18be42d65fb

SHA256
27b4949b239ca2e2ce7812dd455868d97ce9c4851bb46eb0d7d5827285dd6c22

SHA512
196973df9961ef3c91af4836cabe58b6e7df8aa410867ec6769b1407eea99532faf7c6efd351d4ef81f0ab12527756fd146fbe02220c93b9ced8368bd0488be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66bc9611dd085dd5e1366c94b84456cd

SHA1
613339f5891bf2c9e54ef565c54eb18be42d65fb

SHA256
27b4949b239ca2e2ce7812dd455868d97ce9c4851bb46eb0d7d5827285dd6c22

SHA512
196973df9961ef3c91af4836cabe58b6e7df8aa410867ec6769b1407eea99532faf7c6efd351d4ef81f0ab12527756fd146fbe02220c93b9ced8368bd0488be6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_asyncio.pyd

Filesize
62KB

MD5
6eb3c9fc8c216cea8981b12fd41fbdcd

SHA1
5f3787051f20514bb9e34f9d537d78c06e7a43e6

SHA256
3b0661ef2264d6566368b677c732ba062ac4688ef40c22476992a0f9536b0010

SHA512
2027707824d0948673443dd54b4f45bc44680c05c3c4a193c7c1803a1030124ad6c8fbe685cc7aaf15668d90c4cd9bfb93de51ea8db4af5abe742c1ef2dcd08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_asyncio.pyd

Filesize
62KB

MD5
6eb3c9fc8c216cea8981b12fd41fbdcd

SHA1
5f3787051f20514bb9e34f9d537d78c06e7a43e6

SHA256
3b0661ef2264d6566368b677c732ba062ac4688ef40c22476992a0f9536b0010

SHA512
2027707824d0948673443dd54b4f45bc44680c05c3c4a193c7c1803a1030124ad6c8fbe685cc7aaf15668d90c4cd9bfb93de51ea8db4af5abe742c1ef2dcd08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_bz2.pyd

Filesize
81KB

MD5
a4b636201605067b676cc43784ae5570

SHA1
e9f49d0fc75f25743d04ce23c496eb5f89e72a9a

SHA256
f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c

SHA512
02096bc36c7a9ecfa1712fe738b5ef8b78c6964e0e363136166657c153727b870a6a44c1e1ec9b81289d1aa0af9c85f1a37b95b667103edc2d3916280b6a9488

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_bz2.pyd

Filesize
81KB

MD5
a4b636201605067b676cc43784ae5570

SHA1
e9f49d0fc75f25743d04ce23c496eb5f89e72a9a

SHA256
f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c

SHA512
02096bc36c7a9ecfa1712fe738b5ef8b78c6964e0e363136166657c153727b870a6a44c1e1ec9b81289d1aa0af9c85f1a37b95b667103edc2d3916280b6a9488

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_ctypes.pyd

Filesize
119KB

MD5
87596db63925dbfe4d5f0f36394d7ab0

SHA1
ad1dd48bbc078fe0a2354c28cb33f92a7e64907e

SHA256
92d7954d9099762d81c1ae2836c11b6ba58c1883fde8eeefe387cc93f2f6afb4

SHA512
e6d63e6fe1c3bd79f1e39cb09b6f56589f0ee80fd4f4638002fe026752bfa65457982adbef13150fa2f36e68771262d9378971023e07a75d710026ed37e83d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_ctypes.pyd

Filesize
119KB

MD5
87596db63925dbfe4d5f0f36394d7ab0

SHA1
ad1dd48bbc078fe0a2354c28cb33f92a7e64907e

SHA256
92d7954d9099762d81c1ae2836c11b6ba58c1883fde8eeefe387cc93f2f6afb4

SHA512
e6d63e6fe1c3bd79f1e39cb09b6f56589f0ee80fd4f4638002fe026752bfa65457982adbef13150fa2f36e68771262d9378971023e07a75d710026ed37e83d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_hashlib.pyd

Filesize
60KB

MD5
49ce7a28e1c0eb65a9a583a6ba44fa3b

SHA1
dcfbee380e7d6c88128a807f381a831b6a752f10

SHA256
1be5cfd06a782b2ae8e4629d9d035cbc487074e8f63b9773c85e317be29c0430

SHA512
cf1f96d6d61ecb2997bb541e9eda7082ef4a445d3dd411ce6fd71b0dfe672f4dfaddf36ae0fb7d5f6d1345fbd90c19961a8f35328332cdaa232f322c0bf9a1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_hashlib.pyd

Filesize
60KB

MD5
49ce7a28e1c0eb65a9a583a6ba44fa3b

SHA1
dcfbee380e7d6c88128a807f381a831b6a752f10

SHA256
1be5cfd06a782b2ae8e4629d9d035cbc487074e8f63b9773c85e317be29c0430

SHA512
cf1f96d6d61ecb2997bb541e9eda7082ef4a445d3dd411ce6fd71b0dfe672f4dfaddf36ae0fb7d5f6d1345fbd90c19961a8f35328332cdaa232f322c0bf9a1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_lzma.pyd

Filesize
154KB

MD5
b5fbc034ad7c70a2ad1eb34d08b36cf8

SHA1
4efe3f21be36095673d949cceac928e11522b29c

SHA256
80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6

SHA512
e7185da748502b645030c96d3345d75814ba5fd95a997c2d1c923d981c44d5b90db64faf77ddbbdc805769af1bec37daf0ecee0930a248b67a1c2d92b59c250c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_lzma.pyd

Filesize
154KB

MD5
b5fbc034ad7c70a2ad1eb34d08b36cf8

SHA1
4efe3f21be36095673d949cceac928e11522b29c

SHA256
80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6

SHA512
e7185da748502b645030c96d3345d75814ba5fd95a997c2d1c923d981c44d5b90db64faf77ddbbdc805769af1bec37daf0ecee0930a248b67a1c2d92b59c250c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_overlapped.pyd

Filesize
47KB

MD5
7e6bd435c918e7c34336c7434404eedf

SHA1
f3a749ad1d7513ec41066ab143f97fa4d07559e1

SHA256
0606a0c5c4ab46c4a25ded5a2772e672016cac574503681841800f9059af21c4

SHA512
c8bf4b1ec6c8fa09c299a8418ee38cdccb04afa3a3c2e6d92625dbc2de41f81dd0df200fd37fcc41909c2851ac5ca936af632307115b9ac31ec020d9ed63f157

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_overlapped.pyd

Filesize
47KB

MD5
7e6bd435c918e7c34336c7434404eedf

SHA1
f3a749ad1d7513ec41066ab143f97fa4d07559e1

SHA256
0606a0c5c4ab46c4a25ded5a2772e672016cac574503681841800f9059af21c4

SHA512
c8bf4b1ec6c8fa09c299a8418ee38cdccb04afa3a3c2e6d92625dbc2de41f81dd0df200fd37fcc41909c2851ac5ca936af632307115b9ac31ec020d9ed63f157

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_queue.pyd

Filesize
29KB

MD5
23f4becf6a1df36aee468bb0949ac2bc

SHA1
a0e027d79a281981f97343f2d0e7322b9fe9b441

SHA256
09c5faf270fd63bde6c45cc53b05160262c7ca47d4c37825ed3e15d479daee66

SHA512
3ee5b3b7583be1408c0e1e1c885512445a7e47a69ff874508e8f0a00a66a40a0e828ce33e6f30ddc3ac518d69e4bb96c8b36011fb4ededf9a9630ef98a14893b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_queue.pyd

Filesize
29KB

MD5
23f4becf6a1df36aee468bb0949ac2bc

SHA1
a0e027d79a281981f97343f2d0e7322b9fe9b441

SHA256
09c5faf270fd63bde6c45cc53b05160262c7ca47d4c37825ed3e15d479daee66

SHA512
3ee5b3b7583be1408c0e1e1c885512445a7e47a69ff874508e8f0a00a66a40a0e828ce33e6f30ddc3ac518d69e4bb96c8b36011fb4ededf9a9630ef98a14893b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_socket.pyd

Filesize
75KB

MD5
e137df498c120d6ac64ea1281bcab600

SHA1
b515e09868e9023d43991a05c113b2b662183cfe

SHA256
8046bf64e463d5aa38d13525891156131cf997c2e6cdf47527bc352f00f5c90a

SHA512
cc2772d282b81873aa7c5cba5939d232cceb6be0908b211edb18c25a17cbdb5072f102c0d6b7bc9b6b2f1f787b56ab1bc9be731bb9e98885c17e26a09c2beb90

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_socket.pyd

Filesize
75KB

MD5
e137df498c120d6ac64ea1281bcab600

SHA1
b515e09868e9023d43991a05c113b2b662183cfe

SHA256
8046bf64e463d5aa38d13525891156131cf997c2e6cdf47527bc352f00f5c90a

SHA512
cc2772d282b81873aa7c5cba5939d232cceb6be0908b211edb18c25a17cbdb5072f102c0d6b7bc9b6b2f1f787b56ab1bc9be731bb9e98885c17e26a09c2beb90

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_ssl.pyd

Filesize
155KB

MD5
35f66ad429cd636bcad858238c596828

SHA1
ad4534a266f77a9cdce7b97818531ce20364cb65

SHA256
58b772b53bfe898513c0eb264ae4fa47ed3d8f256bc8f70202356d20f9ecb6dc

SHA512
1cca8e6c3a21a8b05cc7518bd62c4e3f57937910f2a310e00f13f60f6a94728ef2004a2f4a3d133755139c3a45b252e6db76987b6b78bc8269a21ad5890356ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\_ssl.pyd

Filesize
155KB

MD5
35f66ad429cd636bcad858238c596828

SHA1
ad4534a266f77a9cdce7b97818531ce20364cb65

SHA256
58b772b53bfe898513c0eb264ae4fa47ed3d8f256bc8f70202356d20f9ecb6dc

SHA512
1cca8e6c3a21a8b05cc7518bd62c4e3f57937910f2a310e00f13f60f6a94728ef2004a2f4a3d133755139c3a45b252e6db76987b6b78bc8269a21ad5890356ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\base_library.zip

Filesize
812KB

MD5
622c5b3c73ed54fc1361ead839c99d97

SHA1
bbd9406db4578d813f242251055bd8fa839d2d38

SHA256
d0bbd742960c568d82ad9caf513bf1afb7bd519caa9e3721414687e8813c903a

SHA512
37515b40568c5b87eb27d7aec3f051427d1df088d489aa596f81a94383736aa3a80fd195b00238d66d0ad686bc03a20ad4a0210e1448b1b4f856739d00d5fd8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\certifi\cacert.pem

Filesize
278KB

MD5
b18e918767d99291f8771414b76a8e65

SHA1
ea544791b23e4a8f47ace99b9d08b3609d511293

SHA256
a59fde883a0ef9d74ab9dad009689e00173d28595b57416c98b2ee83280c6e4c

SHA512
78a4eac65754fb8d37c1da85534d6e1dd0eb2b3535ef59d75c34a91d716afc94258599b1078c03a4b81e142945b13e671ec46b5f2fcb8c8c46150ae7506e0d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\pywintypes310.dll

Filesize
143KB

MD5
bd1ee0e25a364323faa252eee25081b5

SHA1
7dea28e7588142d395f6b8d61c8b46104ff9f090

SHA256
55969e688ad11361b22a5cfee339645f243c3505d2963f0917ac05c91c2d6814

SHA512
d9456b7b45151614c6587cee54d17261a849e7950049c78f2948d93a9c7446b682e553e2d8d094c91926dd9cbaa2499b1687a9128aec38b969e95e43657c7a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\pywintypes310.dll

Filesize
143KB

MD5
bd1ee0e25a364323faa252eee25081b5

SHA1
7dea28e7588142d395f6b8d61c8b46104ff9f090

SHA256
55969e688ad11361b22a5cfee339645f243c3505d2963f0917ac05c91c2d6814

SHA512
d9456b7b45151614c6587cee54d17261a849e7950049c78f2948d93a9c7446b682e553e2d8d094c91926dd9cbaa2499b1687a9128aec38b969e95e43657c7a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\select.pyd

Filesize
28KB

MD5
adc412384b7e1254d11e62e451def8e9

SHA1
04e6dff4a65234406b9bc9d9f2dcfe8e30481829

SHA256
68b80009ab656ffe811d680585fac3d4f9c1b45f29d48c67ea2b3580ec4d86a1

SHA512
f250f1236882668b2686bd42e1c334c60da7abec3a208ebebdee84a74d7c4c6b1bc79eed7241bc7012e4ef70a6651a32aa00e32a83f402475b479633581e0b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\select.pyd

Filesize
28KB

MD5
adc412384b7e1254d11e62e451def8e9

SHA1
04e6dff4a65234406b9bc9d9f2dcfe8e30481829

SHA256
68b80009ab656ffe811d680585fac3d4f9c1b45f29d48c67ea2b3580ec4d86a1

SHA512
f250f1236882668b2686bd42e1c334c60da7abec3a208ebebdee84a74d7c4c6b1bc79eed7241bc7012e4ef70a6651a32aa00e32a83f402475b479633581e0b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\unicodedata.pyd

Filesize
1.1MB

MD5
102bbbb1f33ce7c007aac08fe0a1a97e

SHA1
9a8601bea3e7d4c2fa6394611611cda4fc76e219

SHA256
2cf6c5dea30bb0584991b2065c052c22d258b6e15384447dcea193fdcac5f758

SHA512
a07731f314e73f7a9ea73576a89ccb8a0e55e53f9b5b82f53121b97b1814d905b17a2da9bd2eda9f9354fc3f15e3dea7a613d7c9bc98c36bba653743b24dfc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\unicodedata.pyd

Filesize
1.1MB

MD5
102bbbb1f33ce7c007aac08fe0a1a97e

SHA1
9a8601bea3e7d4c2fa6394611611cda4fc76e219

SHA256
2cf6c5dea30bb0584991b2065c052c22d258b6e15384447dcea193fdcac5f758

SHA512
a07731f314e73f7a9ea73576a89ccb8a0e55e53f9b5b82f53121b97b1814d905b17a2da9bd2eda9f9354fc3f15e3dea7a613d7c9bc98c36bba653743b24dfc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\win32api.pyd

Filesize
136KB

MD5
fc7b3937aa735000ef549519425ce2c9

SHA1
e51a78b7795446a10ed10bdcab0d924a6073278d

SHA256
a6949ead059c6248969da1007ea7807dcf69a4148c51ea3bc99c15ee0bc4d308

SHA512
8840ff267bf216a0be8e1cae0daac3ff01411f9afc18b1f73ba71be8ba70a873a7e198fd7d5df98f7ca8eee9a94eab196f138a7f9f37d35c51118f81860afb7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI2162\win32api.pyd

Filesize
136KB

MD5
fc7b3937aa735000ef549519425ce2c9

SHA1
e51a78b7795446a10ed10bdcab0d924a6073278d

SHA256
a6949ead059c6248969da1007ea7807dcf69a4148c51ea3bc99c15ee0bc4d308

SHA512
8840ff267bf216a0be8e1cae0daac3ff01411f9afc18b1f73ba71be8ba70a873a7e198fd7d5df98f7ca8eee9a94eab196f138a7f9f37d35c51118f81860afb7d

Download Submit
memory/6672-279-0x000002253D740000-0x000002253D760000-memory.dmp

Filesize
128KB

Download
memory/6672-284-0x000002253DF6E000-0x000002253DF72000-memory.dmp

Filesize
16KB

Download
memory/6672-285-0x000002253DF6E000-0x000002253DF72000-memory.dmp

Filesize
16KB

Download
memory/6672-286-0x000002253DF6E000-0x000002253DF72000-memory.dmp

Filesize
16KB

Download
memory/6672-287-0x000002253DF6E000-0x000002253DF72000-memory.dmp

Filesize
16KB

Download
memory/6672-288-0x000002253DF6E000-0x000002253DF72000-memory.dmp

Filesize
16KB

Download
memory/6672-290-0x000002253C500000-0x000002253C600000-memory.dmp

Filesize
1024KB

Download
memory/6672-291-0x000002253D9E0000-0x000002253D9E8000-memory.dmp

Filesize
32KB

Download
memory/6672-293-0x000002253DFA6000-0x000002253DFA9000-memory.dmp

Filesize
12KB

Download
memory/6672-295-0x000002253DFA6000-0x000002253DFA9000-memory.dmp

Filesize
12KB

Download
memory/6672-294-0x000002253DFA6000-0x000002253DFA9000-memory.dmp

Filesize
12KB

Download
memory/6672-296-0x000002253DFA6000-0x000002253DFA9000-memory.dmp

Filesize
12KB

Download