734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
953s
max time network
1232s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ 3.0/MEMZ.bat
Size

12KB
MD5

13a43c26bb98449fd82d2a552877013a
SHA1

71eb7dc393ac1f204488e11f5c1eef56f1e746af
SHA256

5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
SHA512

602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
SSDEEP

384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
2172	MEMZ.exe
1232	MEMZ.exe
2164	MEMZ.exe
4624	MEMZ.exe
3496	MEMZ.exe
1772	MEMZ.exe
1424	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 58 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 46 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	MEMZ.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
10800	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1232	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
2164	MEMZ.exe
2164	MEMZ.exe
2164	MEMZ.exe
2164	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
4624	MEMZ.exe
4624	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
2164	MEMZ.exe
2164	MEMZ.exe
1772	MEMZ.exe
1772	MEMZ.exe
3496	MEMZ.exe
3496	MEMZ.exe
3496	MEMZ.exe
3496	MEMZ.exe
1772	MEMZ.exe
1772	MEMZ.exe
2164	MEMZ.exe
2164	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
4624	MEMZ.exe
4624	MEMZ.exe
3496	MEMZ.exe
3496	MEMZ.exe
3496	MEMZ.exe
3496	MEMZ.exe
4624	MEMZ.exe
4624	MEMZ.exe
1232	MEMZ.exe
2164	MEMZ.exe
1232	MEMZ.exe
2164	MEMZ.exe
1772	MEMZ.exe
1772	MEMZ.exe
1772	MEMZ.exe
1772	MEMZ.exe
2164	MEMZ.exe
2164	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
4624	MEMZ.exe
4624	MEMZ.exe
3496	MEMZ.exe
3496	MEMZ.exe
4624	MEMZ.exe
4624	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
2164	MEMZ.exe
2164	MEMZ.exe
1772	MEMZ.exe
1772	MEMZ.exe
1772	MEMZ.exe
2164	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

pid	Process
5380	mmc.exe
3980	Taskmgr.exe
2340	mmc.exe
1424	MEMZ.exe
6404	Taskmgr.exe
7792	mmc.exe
1104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious behavior: SetClipboardViewer 4 IoCs

pid	Process
2340	mmc.exe
7792	mmc.exe
6352	mmc.exe
716	mmc.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: 33	5380	mmc.exe
Token: SeIncBasePriorityPrivilege	5380	mmc.exe
Token: 33	5380	mmc.exe
Token: SeIncBasePriorityPrivilege	5380	mmc.exe
Token: SeDebugPrivilege	3980	Taskmgr.exe
Token: SeSystemProfilePrivilege	3980	Taskmgr.exe
Token: SeCreateGlobalPrivilege	3980	Taskmgr.exe
Token: 33	5328	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5328	AUDIODG.EXE
Token: 33	2340	mmc.exe
Token: SeIncBasePriorityPrivilege	2340	mmc.exe
Token: 33	2340	mmc.exe
Token: SeIncBasePriorityPrivilege	2340	mmc.exe
Token: 33	2340	mmc.exe
Token: SeIncBasePriorityPrivilege	2340	mmc.exe
Token: SeDebugPrivilege	6404	Taskmgr.exe
Token: SeSystemProfilePrivilege	6404	Taskmgr.exe
Token: SeCreateGlobalPrivilege	6404	Taskmgr.exe
Token: 33	7792	mmc.exe
Token: SeIncBasePriorityPrivilege	7792	mmc.exe
Token: 33	7792	mmc.exe
Token: SeIncBasePriorityPrivilege	7792	mmc.exe
Token: 33	7792	mmc.exe
Token: SeIncBasePriorityPrivilege	7792	mmc.exe
Token: 33	6352	mmc.exe
Token: SeIncBasePriorityPrivilege	6352	mmc.exe
Token: 33	6352	mmc.exe
Token: SeIncBasePriorityPrivilege	6352	mmc.exe
Token: 33	6352	mmc.exe
Token: SeIncBasePriorityPrivilege	6352	mmc.exe
Token: 33	716	mmc.exe
Token: SeIncBasePriorityPrivilege	716	mmc.exe
Token: 33	716	mmc.exe
Token: SeIncBasePriorityPrivilege	716	mmc.exe
Token: SeShutdownPrivilege	10800	explorer.exe
Token: SeCreatePagefilePrivilege	10800	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe
3980	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1424	MEMZ.exe
5348	mmc.exe
5380	mmc.exe
5380	mmc.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
4192	mmc.exe
2340	mmc.exe
2340	mmc.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
6916	mspaint.exe
6916	mspaint.exe
6916	mspaint.exe
6916	mspaint.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
5848	wordpad.exe
5848	wordpad.exe
5848	wordpad.exe
5848	wordpad.exe
5848	wordpad.exe
5848	wordpad.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
2880	wordpad.exe
2880	wordpad.exe
2880	wordpad.exe
2880	wordpad.exe
2880	wordpad.exe
2880	wordpad.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
7796	mmc.exe
7792	mmc.exe
7792	mmc.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe
1424	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 1060	4916	cmd.exe	89
PID 4916 wrote to memory of 1060	4916	cmd.exe	89
PID 4916 wrote to memory of 2172	4916	cmd.exe	90
PID 4916 wrote to memory of 2172	4916	cmd.exe	90
PID 4916 wrote to memory of 2172	4916	cmd.exe	90
PID 2172 wrote to memory of 1232	2172	MEMZ.exe	93
PID 2172 wrote to memory of 1232	2172	MEMZ.exe	93
PID 2172 wrote to memory of 1232	2172	MEMZ.exe	93
PID 2172 wrote to memory of 2164	2172	MEMZ.exe	94
PID 2172 wrote to memory of 2164	2172	MEMZ.exe	94
PID 2172 wrote to memory of 2164	2172	MEMZ.exe	94
PID 2172 wrote to memory of 4624	2172	MEMZ.exe	95
PID 2172 wrote to memory of 4624	2172	MEMZ.exe	95
PID 2172 wrote to memory of 4624	2172	MEMZ.exe	95
PID 2172 wrote to memory of 3496	2172	MEMZ.exe	96
PID 2172 wrote to memory of 3496	2172	MEMZ.exe	96
PID 2172 wrote to memory of 3496	2172	MEMZ.exe	96
PID 2172 wrote to memory of 1772	2172	MEMZ.exe	97
PID 2172 wrote to memory of 1772	2172	MEMZ.exe	97
PID 2172 wrote to memory of 1772	2172	MEMZ.exe	97
PID 2172 wrote to memory of 1424	2172	MEMZ.exe	98
PID 2172 wrote to memory of 1424	2172	MEMZ.exe	98
PID 2172 wrote to memory of 1424	2172	MEMZ.exe	98
PID 1424 wrote to memory of 772	1424	MEMZ.exe	100
PID 1424 wrote to memory of 772	1424	MEMZ.exe	100
PID 1424 wrote to memory of 772	1424	MEMZ.exe	100
PID 1424 wrote to memory of 1104	1424	MEMZ.exe	111
PID 1424 wrote to memory of 1104	1424	MEMZ.exe	111
PID 1104 wrote to memory of 968	1104	msedge.exe	112
PID 1104 wrote to memory of 968	1104	msedge.exe	112
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113
PID 1104 wrote to memory of 2208	1104	msedge.exe	113

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:1060
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1232
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2164
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4624
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3496
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1772
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1424
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      Enumerates system info in registry
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:2208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        5⤵
        
        PID:2804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
        5⤵
        
        PID:1956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
        5⤵
        
        PID:4440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
        5⤵
        
        PID:1408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
        5⤵
        
        PID:3220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
        5⤵
        
        PID:1972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
        5⤵
        
        PID:5096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
        5⤵
        
        PID:2096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
        5⤵
        
        PID:4380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
        5⤵
        
        PID:4508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
        5⤵
        
        PID:880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
        5⤵
        
        PID:2328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
        5⤵
        
        PID:2432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
        5⤵
        
        PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
        5⤵
        
        PID:3992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
        5⤵
        
        PID:3256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
        5⤵
        
        PID:6000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
        5⤵
        
        PID:1488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
        5⤵
        
        PID:1868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
        5⤵
        
        PID:3516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
        5⤵
        
        PID:4124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
        5⤵
        
        PID:3796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
        5⤵
        
        PID:2736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
        5⤵
        
        PID:2424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
        5⤵
        
        PID:6128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
        5⤵
        
        PID:5636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
        5⤵
        
        PID:1244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
        5⤵
        
        PID:5420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
        5⤵
        
        PID:1604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
        5⤵
        
        PID:2560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
        5⤵
        
        PID:1332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
        5⤵
        
        PID:6004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
        5⤵
        
        PID:4872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
        5⤵
        
        PID:6048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
        5⤵
        
        PID:3972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
        5⤵
        
        PID:5792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
        5⤵
        
        PID:5592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
        5⤵
        
        PID:4904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
        5⤵
        
        PID:5216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
        5⤵
        
        PID:5040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
        5⤵
        
        PID:536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
        5⤵
        
        PID:5216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
        5⤵
        
        PID:5556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
        5⤵
        
        PID:6164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
        5⤵
        
        PID:6268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
        5⤵
        
        PID:3416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
        5⤵
        
        PID:6344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
        5⤵
        
        PID:6756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
        5⤵
        
        PID:4456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
        5⤵
        
        PID:6420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9568 /prefetch:1
        5⤵
        
        PID:6488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1
        5⤵
        
        PID:740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1
        5⤵
        
        PID:7204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
        5⤵
        
        PID:7872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:1
        5⤵
        
        PID:7968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1
        5⤵
        
        PID:3228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10228 /prefetch:1
        5⤵
        
        PID:7612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10236 /prefetch:1
        5⤵
        
        PID:7228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10408 /prefetch:1
        5⤵
        
        PID:7304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10712 /prefetch:1
        5⤵
        
        PID:4912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10748 /prefetch:1
        5⤵
        
        PID:1064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1
        5⤵
        
        PID:8000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10348 /prefetch:1
        5⤵
        
        PID:4644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
        5⤵
        
        PID:7808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
        5⤵
        
        PID:3268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:1
        5⤵
        
        PID:7772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11064 /prefetch:1
        5⤵
        
        PID:7304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10412 /prefetch:1
        5⤵
        
        PID:4680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11056 /prefetch:1
        5⤵
        
        PID:2280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11196 /prefetch:1
        5⤵
        
        PID:8412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:1
        5⤵
        
        PID:8520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11412 /prefetch:1
        5⤵
        
        PID:9168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11416 /prefetch:1
        5⤵
        
        PID:7012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11164 /prefetch:1
        5⤵
        
        PID:8948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11904 /prefetch:1
        5⤵
        
        PID:8976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11616 /prefetch:1
        5⤵
        
        PID:7600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12096 /prefetch:1
        5⤵
        
        PID:8972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11992 /prefetch:1
        5⤵
        
        PID:8696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11796 /prefetch:1
        5⤵
        
        PID:7964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12220 /prefetch:1
        5⤵
        
        PID:8736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12268 /prefetch:1
        5⤵
        
        PID:2180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11160 /prefetch:1
        5⤵
        
        PID:8376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12668 /prefetch:1
        5⤵
        
        PID:7248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11164 /prefetch:1
        5⤵
        
        PID:9536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12968 /prefetch:1
        5⤵
        
        PID:9576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11356 /prefetch:1
        5⤵
        
        PID:10120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12736 /prefetch:1
        5⤵
        
        PID:10184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13204 /prefetch:1
        5⤵
        
        PID:5028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13164 /prefetch:1
        5⤵
        
        PID:8588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13428 /prefetch:1
        5⤵
        
        PID:9400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13468 /prefetch:1
        5⤵
        
        PID:9068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11884 /prefetch:1
        5⤵
        
        PID:8588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13224 /prefetch:1
        5⤵
        
        PID:9224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13804 /prefetch:1
        5⤵
        
        PID:8108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13840 /prefetch:1
        5⤵
        
        PID:8436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13552 /prefetch:1
        5⤵
        
        PID:9440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14028 /prefetch:1
        5⤵
        
        PID:7964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13188 /prefetch:1
        5⤵
        
        PID:9676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13848 /prefetch:1
        5⤵
        
        PID:10260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14396 /prefetch:1
        5⤵
        
        PID:10272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12676 /prefetch:1
        5⤵
        
        PID:8980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14492 /prefetch:1
        5⤵
        
        PID:10460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13288 /prefetch:1
        5⤵
        
        PID:11188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14952 /prefetch:1
        5⤵
        
        PID:10472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14624 /prefetch:1
        5⤵
        
        PID:8848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14220 /prefetch:1
        5⤵
        
        PID:10112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14512 /prefetch:1
        5⤵
        
        PID:8044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13948 /prefetch:1
        5⤵
        
        PID:10592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1
        5⤵
        
        PID:9880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14660 /prefetch:1
        5⤵
        
        PID:10624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15204 /prefetch:1
        5⤵
        
        PID:11372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14512 /prefetch:1
        5⤵
        
        PID:11472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15096 /prefetch:1
        5⤵
        
        PID:11872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14468 /prefetch:1
        5⤵
        
        PID:11300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15156 /prefetch:1
        5⤵
        
        PID:12216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13944 /prefetch:1
        5⤵
        
        PID:12244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13900 /prefetch:1
        5⤵
        
        PID:9908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15208 /prefetch:1
        5⤵
        
        PID:9248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14756 /prefetch:1
        5⤵
        
        PID:9232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12696 /prefetch:1
        5⤵
        
        PID:1568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13928 /prefetch:1
        5⤵
        
        PID:7448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13772 /prefetch:1
        5⤵
        
        PID:12628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14880 /prefetch:1
        5⤵
        
        PID:13212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
        5⤵
        
        PID:9264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
        5⤵
        
        PID:12100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10976 /prefetch:1
        5⤵
        
        PID:12816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
        5⤵
        
        PID:10808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14273581509325438423,5775596263588339701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
        5⤵
        
        PID:10112
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5348
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:4112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:3452
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:5240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x90,0x128,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:2432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:3884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:5548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:2008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:5920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:3316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:5316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:2460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
      4⤵
      PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:1528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:5816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:5480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:5324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x11c,0x120,0xfc,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:3460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:5716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:5140
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4192
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:3292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:1648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:1452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:5092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:1216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:1556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:2052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:2044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:4060
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:6916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
      4⤵
      PID:6868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:6912
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      PID:6404
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:4156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xfc,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:1684
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5848
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:5592
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:6528
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1652
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:6924
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:6704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xe8,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:5864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:7048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0x11c,0x120,0x118,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:4032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:7804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x90,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:7820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:7508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:6112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:8036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8148
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:6556
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:7408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:6804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:7344
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:7796
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:7792
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:2264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:6380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:6332
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:7832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:7648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:8064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:7712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:8144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:7396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
      4⤵
      PID:8348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:9092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:5500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:8860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:7236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:8208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:3644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8560
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:9468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:10048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:10064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:9528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:6984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9360
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8040
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:8424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:6800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:7420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:9320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9328
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      PID:8316
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        
        PID:6352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:3196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:632
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:2280
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Checks SCSI registry key(s)
        Suspicious behavior: SetClipboardViewer
        Suspicious use of AdjustPrivilegeToken
        
        PID:716
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      Modifies registry class
      PID:10756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:11236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0x11c,0x120,0x118,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:11252
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:10680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:11196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:1192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:11076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:8532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0x11c,0x120,0xf8,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:11048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:9960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:9888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8216
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:8580
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:10252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:7392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0xf8,0xfc,0x124,0x128,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:10864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:8804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:10848
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      PID:10296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:10540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:6772
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:320
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10676
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:10384
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:4852
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:9844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      PID:10872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x100,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:5020
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:10688
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:8356
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:8836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:10768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:10440
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:11648
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      PID:11968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:12252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:12272
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:12240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:11364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:11740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:8404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:11664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:11480
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:11192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:11956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:12192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:4192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:7784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:8680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:6416
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:10780
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:6796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9276
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:7324
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:12204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:11000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x104,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:11980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:11836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:5828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
      4⤵
      PID:11700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:12552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:12564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:13136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:13152
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:12556
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:13084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
      4⤵
      PID:12484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:13300
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:13016
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:13276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:1236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:6972
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:12420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:12436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:9772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:12688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x11c,0x120,0xf4,0x124,0x7ffdc1ee46f8,0x7ffdc1ee4708,0x7ffdc1ee4718
        5⤵
        
        PID:11160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3320

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:10800

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:10904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:13124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:13104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\08f76cc52f27693a_0

Filesize
397KB

MD5
9cc2a5491258ffda4417e06929651a08

SHA1
18c904064547491bf76c7230e7b9581c1fcc150e

SHA256
1d3950da98631034241f3b9bb1b0591f643e5de2658314436eb14e158922baf7

SHA512
a49760d8e055b7623dee27fab9e42e8ec0d3705bf2ff28a268635af8f2c565fce3c0c55c943d5a519361a5732529aa3210d9af7202a685c5c0909137c833cf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c5bce7e97afc2e_0

Filesize
18KB

MD5
ca82cc5aeb9eeb11d0e86a5f850d8f55

SHA1
66f7e22c1e79a0bcb6e848904cbcfbef55f8180c

SHA256
1741d559097b5b9f93691bed1c2864286a20844e0abd01a7ece3cc44aa4b9cce

SHA512
7270d3657bc2c37d459904c48c5fce6eccedd688d3828bfad6d0d6842e92ee5e4703886ab5636fc74017571535501569bf910ff741841b517118ef187ce67326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6758a313900b16a8_0

Filesize
397KB

MD5
1899052590f62155e065531cb225f4e7

SHA1
bf24e45ad2c7dd0b76875b062841efab8de56945

SHA256
a95a9d7967eb76e556630386699ffd07532a02601f6b7ac1bb78294a6970e040

SHA512
baf1ab6bae0af35b7d4858284e64cdef0ef112f92533ce710d02ab11a47e85231871f9958212d3b44e72bbe23deb05ea1b3483417a9cbcbe5970e83c00b00c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c09b36527eb9798_0

Filesize
397KB

MD5
42f177eee4ebce33b21fa1ef5b05e87f

SHA1
b8b72c9ad0859dc8a113c7e1c658ec6afcfab385

SHA256
ee2e5d0bb0f6c373d7a09792c23dce9be1eb5a2d38b007ae702b3cb1dc42d449

SHA512
64832f74d5a041354fea9fc204734a39fc7ef71df3c6bcdbd61e81bd9c0e9eafd2c5dd00d55ae2d4e00b52a7e6afa7702fcbd48d47d4191833b57dab130b2786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
05514bfaeabc5bf8a61aa1b80f0ab50d

SHA1
516390541b5df9532a7c427a4ec846d91593f9be

SHA256
f2197fa0cf5cff4e70cd9b402b5a6734b21011c63560f1877258be9b9a8a129a

SHA512
bd6fd1c3a4d6efef70193b354f1ce9429cffbb9f22c29095fa0d180f7a4d0881db0f13f6883c881169f38e37415e81da6fe3d578163056193eac0ae865a7b33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
b097654eb9b4df3bf3262617a067cd1e

SHA1
2b324d7186c62c3df601cd82deee037a7fcf1a5f

SHA256
2a58f7e81b0180f77501fbc46145cfcb44e96da6b5b8bfb0f471f934bf784e0a

SHA512
da61ed993c5e1d377dbf5e797bbeb087b015040bd41dae78779b79567f709bf7cd97c1ae05c960ec6bea26998a6a5a5b1a81a79163c7fd87ca6c7435d9c1fcc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
ca483701dac02d1eadf70cab97d5aa8b

SHA1
5e72582d05803875f121bdea32ced8e6c825347d

SHA256
3f5c5a74092f8bd9f30a7c59318efc08716c6279d3f444cc44796929a0f527c9

SHA512
cfe303fc48a96d1549d57b1ad09b3435c756d3caf81056bcc3512c589c70ebbf4bd3db02dd539091cb2228f2c10b36e296be5603cfb1939bd3cbc582eeac38e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
d03e25bd5a263ea75a151ce0e63b7206

SHA1
5c1eb38574ce0bccd07d442dbfbbfe6719036850

SHA256
fa8e1aa2dfe36829003d8075b756672c70dd8d45e63dc07489453661c8ece88e

SHA512
9f0bd615b1bffd1e081b974d1356f80ce0568dd41a6230325a612005e6018081454293f6e31d4e7c3e71783487f974f4b9c9d8bd159fa2de88289011ee5db958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
e9e2013b694e4bacf243758d76ad12e6

SHA1
40a7c193edf213537d123301f1738539707b4854

SHA256
60482ba557ca9716b3df2cff76b17e9d50c6700c00cc29512f236831d860ca4b

SHA512
48b5292277f24100556d80f25eba8114b3136649dfc1a7c7e8e0727703cfc832dbfb17169b922f95fdeb1c5e3600ff7218b8c65604673ba968b8b47a296614af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
9405bf694b4e55dc7755af91c3e51a37

SHA1
2e3fd0b5201b4fe23f23cfc9990316d896516fc1

SHA256
c38eab1c96909b6e7084223a780c34c8ece4c80b09e083cb967ef63b8d497711

SHA512
bde9fd0f6c12fdf7cf6833203d4b8d7a0b7b141e4984c72da61ba6bfd9c8860933a999aa49777626e64f2efba0a7bf5f7cb5553ea712cb231213da44a7aea9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
cf0cc9e1688ecd9af6003a1046311651

SHA1
8367be16e489ec248636e057192512f0b73e5ff1

SHA256
cc620111be5c5ddd6b24546a8b837dc27257fa7adf23ceeed76499ccec0451e2

SHA512
2f39a3b1662a96f9c5182327b3ad2a4a2a7d4d7005df7ad4d072f6f6138919642903e0127ec9565ea1336fad5c6009e1db45a4e1d993ea7d6b5f7cc1696d7a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ad1f11b87d9a7d3_0

Filesize
317KB

MD5
6c4a45fc30e1e6fb8ffbf78d075af2a4

SHA1
b9c8aa7820fa86b0bc2acc402dad79f6b2d37334

SHA256
1078864d44cdb2878f220b8bc40b2771a704bd0238de2ce2bffaef2a84d2dcd8

SHA512
341becdea5c2e5aa59e437a52891cbf36f0795bc70ecc73567157b51ba59fa31aa9fa93c1a90b252efa4e6ac7adbbc887aee6d105e0efddf906155d9bc860098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d83ff7e2448d637_0

Filesize
397KB

MD5
309d4d41ecede527823c1dad34e9da3d

SHA1
1640bb87a431fee558ca2e18e7a2fb3e25e55fc0

SHA256
28ebe07c6ebc2f5bcc096862cfc2f1352461524505ba6971651f8752b1109062

SHA512
96f18efabc15d1cf911613c2ea2d399f7faca9b584400ff16b9e87e0d8d55c890dcf2db87b6369607c3e662969830f642a7c2da0a9a1f24abea350b90283f19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f3b0b5a62571028_0

Filesize
397KB

MD5
3033d175ebc94ddc40a450f7ce17a3d7

SHA1
f894b07b4f0a45e6a0d2edab479f11586f040e83

SHA256
f2decd7dde47a706d704bb2ee06a2549214a166212d6b9c02d4993a5f2126189

SHA512
8d98a2e3e603c3249261b5380bda021c838bf55c2a10d164bc0f4e99779f7b1feb6cb8f0c5e3a015a472020a5fb305772393e484d49fdc96cdbfda83cdf3212b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e99f9ec690c3ebe1_0

Filesize
397KB

MD5
089fd997e74edce366a834fd6c0a4dd1

SHA1
a9e22b477ca4931aa61b83ffcbd5b0682ad3a30a

SHA256
a82b1ff02c5c38073d69e900c511a8eb8e192657dd92c9fcf12595bbd1a17648

SHA512
67e37b6590272840f47a8bf768b6cb67cfa670d03190252953869831c386cf88d96df2e0dcda44730107eee8586e6eca9abc29afe863c643171736b715e87673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d582c390085f0bed9a0d435ad5639bd7

SHA1
9c6863dbb4f61b770fe5a753df2687266fcd0b25

SHA256
b663456efb269f7fa18ead1310286736c1b56bd5b933d00332329a6d5b504924

SHA512
f2bf7151e70ff17e0e26610f24b81ba7512a7a7775068fc675f09ca1e4af6edd83ae4ce85826e0ae7e9f50931612e02a9221cda53bd006af116b86df212c46bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
163e37c99cbd204fcf197e3e36ec1660

SHA1
2061201026f15dd24db96bd0d9d4a03b0876fcac

SHA256
71db34eaf9ceff2863b9d95314f11dea977df488f47d0e6e352e28b690d3dbe9

SHA512
37d1f41aeeda6d201819daf7e5e3e55aec686d880b8167a3e4dfe66a81c7ca3e13dacdc33fd2d21a5a3342dfae7cfee45bf4862f10b26374037d3baa73236933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
725fd97328d3d1f42a57e264a3a7b86d

SHA1
4957e16ecf6e8a7c09a275b9b6062b326f147094

SHA256
a3577c5a1b2b64956402bcf1aac3098434359af9c24e57f69410965e7619fed7

SHA512
d6f56ff89ae1358174e746a3c0221edaeec9ca5ef042ccb99b5db0b46a2ac9fdf2f9edcc8e4f7ea33e2510e689dbb66593049f043a76a9d12b4b12f0526b700b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
9e249fe264501a7ff1f63f5eecc2e284

SHA1
bd30f39f41fd2eb9ce4b563cbcac335ebb8d9052

SHA256
e9bd6233076c9dff45bbe363b61c7035f7dd9353506868475fe7042dc66999d6

SHA512
fd59a0be6779e1a511d1de46372cd16735ee521efa67d5f7d2507607cbf2b6743f707dcce8f0f9f7d0eced9a27665f6cfbd5f9d50b64c01262cbd82af046cad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
082c54382722fe8d237cbec40fedea20

SHA1
e050ca98cc8853381e2ad27a7d6ebdf709962c9e

SHA256
3a6644995072ab4997f32ddf282dee983d1f734b47e272bcf08bf701780bcf45

SHA512
132c910d6929342c095fed3be6f4a1a80f5dd34e0f9db5b16e1d1fd90da0f3a485626220c17962eb7a26e85aa378fc5a48d5372f5fc8e72181cdfb83ce045ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
64b78bdf9814caa200fd379c1c091325

SHA1
2a6c4fcc255f06f935aa21d053784d88d1389355

SHA256
d27b3f69864935e4d927d33ef961444cfab7567cded23fe9ab27f6aa9f8a2ec2

SHA512
edb3c85f3a1ef99cb4688a1c5cb73fe17070f990d8e160c62a0e4f1fd4422687e810632d4fec2ab78d258e98d55ae29e7e48189c496535f735b2dd861898a0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
a2d6361612ad593cb4358176aab8f184

SHA1
2a3a0f888dc259db41ab14e1ee73e6ea904734bc

SHA256
e21822c032837f01612f0023feb96fa9ff7a7ca1a4d427b40f11024cf06b9cdd

SHA512
9e60e8198ea22c1a8f62744d46bd5a1494016cf2bcf3e54b5bbb1604cc3ee11702537afc56931d9ed87de5d9ccabf21bd1f6c90daa725e9753c1db008131ad13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
72567092329c1aa7f077a5faa4e9918b

SHA1
9924222d0eadd30359bd52a38045341f668a6a64

SHA256
714549064566325e726c2a5a4856f4ba81394230e5094260c8ae578e59e27ce1

SHA512
1f077e0a32b2dd38bf0cf6313903bc812d8dd356e1164b3c909f105c0c858f005da9a4b53bb17a32a51e7b03d431d6e0928632769f04dba4bc737f5edcb9367c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9c3775984f88ea618569a3fdce0d5d2d

SHA1
94c6de55f82b01cbe115dba71603a3ef325a026f

SHA256
a44310d32d7d67a11beccb017a5fe4ebd6106d0fd2ad873a327605a5ac5802f2

SHA512
5a7f0499dd399843dfe499b65c32063fea63012ed723f40a921c30c811d7d9532befad81cdcbca71503f2a56332f234e3910607a0707822af6b6bca31c2cb434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
712ccaadb56997bb662ba5000ca1a3de

SHA1
25921820bb91dfd757c13a0e41d2732372096d5d

SHA256
242d373a20713649dacc94879d20f9779ce565dd19d720346be4471f78e90ca7

SHA512
a76517555a27c41f4e029c21309f379c47f0261de92403ff17fe7634a55eab3edfd9a574bfe3e4d9f00a0f3003e3aee1f7bddcd0dd8206e6d8f2b1e9c90266cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
49f7d5e025eeb7d00b9339a1e3c940b4

SHA1
78538bb4e650ecb4ce325a6e337a4ae79db24ad0

SHA256
913031b84c60d698a07f27dffd40a604270884d74e06cf5e52802938d1c039dc

SHA512
376a8cbe435db7d034895bb23dff49f5b9b5c7aa85885e15d3ccb57e47e84b0b9c74cfc91fe03dbf9947f27656ba5beb83f64fa357a14fc9d42108b598a8e5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
56a132301fe0b018b7fc856f661db983

SHA1
8e51283fec7c8e6a76fd418ff58b813192210b2c

SHA256
2cf734c066d0f81a4f17d6da7a69a691149a16578cd3cbec94a24ae249410da1

SHA512
5ae47205b450525049919ebed65580ca3d32e52572e33ae08d492fad536147d9471f7ab18fa5077fc48e0a14f349c802ec9e04367d9445b4a982d3ff20f9b457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
0c9ce4f4cda12deba9e59e1b8665d959

SHA1
a830417d3b56a26318af03421e16c55218f122af

SHA256
8e843337e643d410e2abf6d324c2993c2d21f6d81746023c4cea7dc826962d4e

SHA512
2487d68ed92c03df29c4abf0d5d9384b3a2ee2c39ef66b0e3af415bfa46715c326b82a2e2f69e6ae81ebd26f8fee6473385ddb6aa7a2b874dbdf8be9e64e1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
41ed401e6a9a4ad51a9766ff2b8d0e6a

SHA1
71da58c20fd2ced58bf2c20410fd03950d2465a5

SHA256
bdab68c279b6ed5fe633a1695bfc78b3d0e60f7111bd1658e7fcc6097addd3a1

SHA512
436e74efbb375540d17a578535f8f3bda570e8d02df3887cc330bfcfdb76446e36c5b93ad3d4f0e1c4213b212bbbb65c45a6cc40645f0136effea7eb66e52666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a656f76ac43f8ac31227225cff9c340e

SHA1
bfe668628fccc92b59a578b52e37ae49abebaf30

SHA256
d2b3710a1edae2ea5469a18aeb456ec9950a564bf29751b5bbb2e609df4534b4

SHA512
77b49ff2c460cb1c6852c8088bc85cd8d4438398cc9f4a7448e4ff6f419dd22d5b5f2e750b645db433093d47354354a7e4e706a8aa9f4dbe33272a297d4d210c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
949a5044216782a81b55afb3d0711e9e

SHA1
b718d17ed912fbef93eba243211d88ef59f4c2f5

SHA256
6b62486ff99e7c370b6c0cc9a71d646e8ede218c0e87491a2788e067868048ac

SHA512
b476a716ba793b3663d9fcba5298fb5580b512ca724d38c4fd7d7598023fa7f6384352672ea3ddf85a324fce3bd2f9e836a175f69e83d28c1689d8d934b5399f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
f7601102a0fdd12958f1e70cbeaa2d45

SHA1
38b9605688f0d6760796fc7f74b9e22a8e1c582e

SHA256
6f4f92e770efe1fa2906e7744c788cd6ba1dc26246456cbcffef4b35f0bf3ae3

SHA512
6d59a43e75092d7d1ad9f53525b2316a49754204725c7c5feef3b4fa631efbdd943984efd7aecd93f5c01d70e7ac83b596781b23af8598ad53b783cb4a57c623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
b601d817bffea342ec6f044652f089bc

SHA1
a739a1374e8e1ae72e844b3735d812096ea2817f

SHA256
811ba222320fd7eadbec09f34210ff66036b7d6b15c10bd10311caa1a03ac552

SHA512
ecb0a0cfb64eab80cf02ad05028df3173b464f6c77384faa659c5818144a5a2e4c5908c0fd8876d0c5dc981276baaa836db523371f36c37dca302ed9d522100d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
e2b67c922349385896e3e950d77f5c60

SHA1
82f18aa86f601778d83133a15824a8d3c76bcd2e

SHA256
7e560a8e87edefe3ecf3a70a48c82599b2ae6480ea05c7138c2193426df1ea1c

SHA512
8c08c2e608fc5903de5bca4a4149ee1804733782dbf0162c68d3faa2ce05d1177efe8243b51e5f6ddf8b97d974ae779399e80c8386fcacd1861bf625f7ec7a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1006B

MD5
c928d194044c8e0ce34536696238edd7

SHA1
f9e72b0ccedb1a4a8e789fec3411d55742aea497

SHA256
c3ce80cc96aa85546447a7771de494a8bf45d62d0aab27c2f28a653565733e07

SHA512
f869f576904430d4649c5e39bb350acf1c5c86fc44f1ed5227f0ba45f58a0f6fa0f501e8bb1c393e056347be7c5121e4901db32bbec1de1f8916c99355709a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0167f38f930561e354187f7447a06d45

SHA1
9691e268ef8a3576e9e9e250b79adfa9ebfb4fa7

SHA256
5e72d130a93f562efdc404a063f3f256373ae51e4bf5977be5da147f2184d0af

SHA512
4c7a6aaec1f9c70f809672300213cd064c1796ddd34069e902b38c4cf79b5ba7398bbe6df7575702aafb9c588c87ba3139b61e0e940da6fa76554ca0f6adaa02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4ff01945b0bd32bee286d3546bf131d3

SHA1
1c75651a5c58d4e8acb05e7923f2a91c89fc267c

SHA256
54df005f6490bdd25aef7028e6dc7bc5277de12a7b3a1899022dd91e9c258d0b

SHA512
b1172afafab75a2991f3c0d5e8dec786c71f4252c8cf4c51f9968ac443b7a490ac99c54733b5582fa0a3e70f25715f4898d53e3d5d1a3dfe5cb9c425d1d43386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
92c849d61a299a53d5115bd16fe8c7ec

SHA1
cfefc0c7d98d81b716a26fdbe0eb32d8f670ec9c

SHA256
1d03cb88ab75649aa4005bc3568840ade7c0c86c714f4643a9c43fdd6b66d933

SHA512
56f81cc450e21c05beffa484b6e5357f1b4ec60044c52edf9b997f764fb13e59ca273e00627507c29d011ebe020cf0f8be82827a9572309816408cf5068c8e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
774a9bdb9507cc94b6bdc45fda7730fc

SHA1
848b04a4d5cfac7ea680e53568e2ced6e6829971

SHA256
f9b37b0f9c5b85cf330a93a1910f25e666f9ca269a14dca11eda176643345310

SHA512
69c8eda4f39d814eebbbb1d077e1c2dad41a9a789e859b4d498cfb527a1af09f32faf3da468cc39b846469ec9d738cbd93f8077712c38df61fa49003a29eb170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15de72fc324b38bae3bfafe12e20d185

SHA1
e05a9d6b484cc080ed045d09a40382061a620393

SHA256
6f451e2d5f5556169bb77d9edf9b17ffa85cff3a7494fd47159da80f28831380

SHA512
2bc41c53916a9fc60caf1b9816abf514843563422a42cf94ffada5f320fe9b2ea5bb1a915ff6ec59b218d952356acd3c7365e742d60dfb6e48a24423d7ffdd43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
28aefb28d3617582a40e40313dc71cbd

SHA1
64bd765b92824b0a44b47573320e714a4c71b63a

SHA256
812b0a9f492c725948dd818ac12019a5cf00fe118d0b3e6b0771c63967fef001

SHA512
31cda108fc0de1d35ee013dca1bd1115683ebf86357693cb350705e73c2915d74cecaf2e3f781b434605818cec2a9edc95b8785c1ee087b5e768ab7d2e1aad04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7758b7dbba336ff752d883adeda5de04

SHA1
b02a67b56c3417ad4d730d19a405ff2502aa6d78

SHA256
f7f39d1cfdb9436b99146e7cb43f8a02ce1f18d7836c424a9ed6a1383f9073c0

SHA512
2bf97ce221991e0811c2882122ce38f306b7a5d8e8d6ed8e638774513c96304c0856a9fea3d4a32110458a069de8cd30e0e183a5bce2f889459c34b107031e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a78ff0f3b73823e9871cc0d1c9434759

SHA1
ca3a80e4f8bd1ef58654a9800c78728fdd294272

SHA256
f146bf5518491b2b17331f82f6284d45025175242b4f5095012b097c9e9ba847

SHA512
faa47e19d2697dd073db917e9a24ca451fad6a05775227f3e034eea405a337910cba6297439308d9bb35d5287da87221dbe625c9dc0d252afd015b53100d8e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3539136895dad234871507b386f1c374

SHA1
1fad90d10254cd0b38ed8e28bf119f363d1232c1

SHA256
2566842af81169bef3b09220acd1edaa914d86c5cc1393b0832619924344ee86

SHA512
e5727a0e77f8c6b7fd02be5e964d2dfb355a9a43172289acb19866dfb172c7d4ee1bf7810a5d6290ec55f185c059f69d65a17c8857fc459eab6f1aed4e7507de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
00fd7e1b1e49f9aa76abea3d8e2c73b9

SHA1
6a71275b79d167ad7ea4009391eccf5cff3b12c4

SHA256
5db92066793ca791aa574f96a3ddd9a45ffbcbd9c4983296ccbaafe12178c50d

SHA512
0f86e3a6ef57136b1379334b84b092a3d7afdbe164b84488db5a45eed7eebc7db91e0a9761bbe2bfdb17861d6cacb5dcfce23a94127bc5fcfdf5efbf427aefac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3864180993dfefb3d9f4ca7873037d3c

SHA1
c6acc61360ef28c5304d087873a55cc3d7a7d3ff

SHA256
d7b92340bdf3860d46e92d3cd70ba375dd1f267c8f680f6cd0837886a769e997

SHA512
16828563ec5e8f853292c5bc31e2fa7a474a13afcc1ab0db70d0c241e7e5b1e98a2226fa274cee51cba160d3675985c6bde4bf1eef3626d467c438fadd3e2391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
61fcfa19252a3fb4beb6e9b0e3ae1980

SHA1
f7d333b616338b95d333ef6297858835862ecb0b

SHA256
122905f138f0297afe2bb1f3802f49bc66e87517b9b30064ddb0391f52b05f4d

SHA512
08a7d19570c6b83dbd91d2e157ec28089619d9f8b8af74988956f0cf83bc3edc578df1ff73108ea68059be826d792690723b0db26a00201815d1e6d04f390a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
850a6ea91b47622522d1fb59612f605d

SHA1
42d960f5b9d08d27ad261caabd6309809a36bd04

SHA256
440e64e7723dc17c793e879e6895a3863841964874e9e3b0833d22bdbef7aeca

SHA512
0d9c43eb531cc93cd335fab342003234b070225f1f6c11b3ec416e5a6d8cadf860875a849842ef9eb78696801512b067fd81da340dc5eae0cf5df43e594f2221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c5b9532e92c1e6998f49e96d5615ec26

SHA1
02e1887224251d52d055f12b3b3043ac92f5abc1

SHA256
709e6691bee033ca5fa344958815b52a900bed0b286d51ec30bf0bb6d3512193

SHA512
e102b725448c981bbfde303df72eec1398049d595755549e8f5ef76266f23b9274fa0f6534f1233ede022d417279eaa688a1a3f2bc18aa0e0c4acce801dc8c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8ee779648819ddf06afc556648d85171

SHA1
c7933c8b276edd19cd919b1d46f92aa086e0fe4b

SHA256
3f418b7954282e6924ed068d02e9a7424b28352a87436cffa111dc5502d3465b

SHA512
2bb1956c81d17965d109cf8af70a1b6ec359f4dbd179e637dd5631927fa3b0afef375d96c4834fdc29b5d95de0a054aee97af80c6a21eac1de270811c328ad0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
76674775b68627b7cc5eeb9573f654db

SHA1
01c0388187a5504c7640e446779b23e218065f3f

SHA256
a0d9557878ff191e9da6c71ae981ee13a192c20b7cbb9bd943f7d32aa663674f

SHA512
4882f19c33ed905b423ba89bf6db97a79728bcede6a6b5b7f9280e5c5fe56dea6db3fe0bf691af6c04f7457bc6a8b84dd1c2612e7355d73f4798805bb7ebc55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abc1371bd379b0c274df0225b754d3fe

SHA1
279600e277d44a808a25dc18141255b0a594e5ca

SHA256
aa48a5f3a47530187f6e7690a35cc198b7e6e85d0630c04595dcd9e35b07cc3a

SHA512
066450403251d3399de697b18b3b61351d491092f422ae7c1c38dcb1d8269c85cd6fa4a347c3798e29f8f32c2b50917df44f07fca1bd3b96264de710ab118898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ea5c0f5953eb951b83fb2874ffcb6aa1

SHA1
8b3a2be1be4e66235af172460cf3aefe081fdb64

SHA256
884329e2bb1287a79eec0c9cadbde7d721b8ab59515e7095bb285850c55fc7f3

SHA512
e535cc4cd8c2bda62da2e7f0fb310c535a92a0ca001dcb7709bea7653d6adcd66e6671aa767b8ebbd49883317547a1040b34a3bb729dcdf47e9838e6a09119ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2246dee318b9a97420c3daf58163aa01

SHA1
5c26183d7268c24678b65acb44d18857b2a49850

SHA256
ecda128c8b08b27ea09f40882b9dbf54ae637c273708ad0ef91673b251ceb5b7

SHA512
b1a8308147cd3091b4edb2cdaa3d57ca84c98d7d29a79ece38439a00519d4c591d07a79f84995d81430bf96c8ed3478702ede073e8adaa29087091aa8e1bd7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
aebc9bab1d18229814d570e3f2ac4ff5

SHA1
47d3da6ccfc955a92a11a1be573ca67c90f3f869

SHA256
ce1803153c02f3287523093671ef09b33d83e612b642d952286d049088434b5d

SHA512
f6fd20c2efae67145fa5cd0dde0352caa6af844cb6e104662445d18b6e3bbc240d885d39d34cf3b3ee20417c7b5f617b3f648aba2fa890fac7e3374e6793d52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a73c66e1749de603b49f22643868abb0

SHA1
9b149d9488bea7741efde4e0fc258a8707cdb76b

SHA256
5352aabe77153c3de74401ff27e8b80b099f3bfc6d05c16e48529c48d41be058

SHA512
fe3a9d65741a0bd2a3538409280b75132e36d0edf07a8130337039e728f14450acc2fc09fdd35c83080f0515b2e868009ff0aaddd074dd2bef93a9a6104df5f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
53d7cfa688c541140e54453e728a2eb9

SHA1
27b3d2e23a75a208c8a525bc061ac8b6eb1c4245

SHA256
110485895f810815e3e1b950d017d342ec1efb3da374431af2eadd12d7d078d7

SHA512
28211fb694b8eeb9c998b7818ce7bda827544ff5249156f37e6920c38ce06974bb842423696661a57f970136b3f5f0804075096a841385b241a48fc2670b9be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1d75ea2a744032183720e1dec26dbba0

SHA1
60d23983cc898420090812ab427ad5dfd2633f17

SHA256
c8c79619d4b54808213fb23c43039a5c30eb8b596be79fddd08f7f9d84e7fcb2

SHA512
f894ad3b41e0f922360eb0f39247cdffd1c503ab709a430e910f37efbe9e45b5d09faf9027aa11021d923ccd291b85f9277e990735dfba7a179b6c2f34689943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
21706eaf24c223e7c6a18b495c1c1e68

SHA1
a4561c233a9b40c22b914485b0403c646a68c19c

SHA256
de060e4f4d93e1891bff346954a8a798120cd9a3f2600b069ee4fc686c6476c9

SHA512
2fe3b5867058d99ff4c1e40e3c5e87180a831b02f7e0f4104dc6e79d948388dee7faf8e57f18e202442b8088f7acf2187d11aba6ec6353b91aa828bea540956e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0ac34448e527393e036b06409a43a0c9

SHA1
1938c1c61c198e21e0daf4fb56bfcfea637d383c

SHA256
74877e9eb5d268e1682e6867a4a97a86d4ddf5c3b1d3bd0724db30c2c51fb275

SHA512
9beac816fb1bd2dd3f9f33eeab94b9ee8e120d093e5aa842fc7e483b4853aa5f115cb51f8164a734aedb7c653b08fbddba3b1aac64b9f1bba49f4025ec931721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1881abc06410daaff5a936008a794669

SHA1
d9d77fa58b03b8f95ddc0270a1ccecb0e2277e99

SHA256
abb39aee9eb6cb5442985ab323c116932d548c7dc68d6dcb40f2dbff0cb60aca

SHA512
54fa0eace0df83f884f085d3f4a8f70b2d51a2e752f6915717d87bba42eb80ba2c0a05975d0d8a5b5b9730d27c06c32efb73fc80acd7f1f363b50c1138259e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cb6ca04c4bb76477b2dcca5258e0b281

SHA1
5dd713f3bb68d88a54cb74b07693f962377aff46

SHA256
8b9ef355346088493b07db5d8f31af56dc01d43ec864039d2cf7fe4f374732d4

SHA512
9abd2bbf2e20fb37bdadb381b89029646aa00f8eba273d4a0cb88f4a0a4c8bf2bc0c2c63081aa8468eb1bf7b771f2181cf526fd6056908848a66e1fe1390df49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4eaa7ec3ac13a3aef3c85a179b66be03

SHA1
6116fb72b7f0df8857b73cfd24c392cbe403ab03

SHA256
f18148dda285bcb69bd1df869d037d8ddd5ac34fedaa28f499dfa01113541bf5

SHA512
4c087964b8a8d44a6d8a6c4aeb4a727c1ad222cbffb5849b7f5ca06f8f19527b8dd00c128baae04321f4a7283e21c189b68efa53a7aec997a95342a0c787df34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1da79564ce5107b65693b26e6c325239

SHA1
fec8121f2e0b8f6908e8ddac43036e5f18ff257b

SHA256
7aac102a2379485be97f536406252b6ff3eeaed3edf6a420e9e9178289f2e3bf

SHA512
aab85ae0189a3be0a9a162f1b48dc6260fd6d14ac6776778ebea491adf6d75be234982536dcde5a4492a798f61ca11c16bb39231ee720c478b0eb8fa15547645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9f5a3c8770eadae2d544178310f593b8

SHA1
35e804a32b1b2510847e11e05e849f4f8de421e2

SHA256
fe6b14bb05aafadb9531e7032cb8f2d1f77d6567a9b23c43defdf87c179c4d81

SHA512
1a3fdad9c7acfb1f1d434df2eb29991811cf7bd4c9b2acfeafd85bb7f117318de3604eec105e5c268178a6703a6afeba18e2c4305ba59c33e4a974a9b546a7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b5f011b8bf010fbdbd6eadbd144056a4

SHA1
7398d11e87114423ea3834651bdaee48a5bb21c8

SHA256
10dafb2363e9706a9a9bb5e25edab80059bb8d115b842f8276f8296a32a74ed3

SHA512
9c6d5ec5b4a9e28446c52a074785a98d2a64222948adb93d3a2d7cf0aa3413a61faec2618b2d7cd7643bf4afc306bb241d76ad2131b6556c640581431093c591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9ace9b5da0ab306b37aaa7fb3ebbffd6

SHA1
45e7ffdab3bc482c7e086b4f79a52d499ae07443

SHA256
d64bce78e4d37b1fec0b96f4dfc3743a45251406d399911fc3e211972743ecdf

SHA512
b9a83fa56c261e228c538ef4e447c9e358fb095a0daa11f2358380b65492cff51cfaa9a319998755f91e1d14452f0e3799c04366f29a19c63f6a31e304125091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed5b2f8d6f1ec9e3d78d3f264e51637b

SHA1
d5725448be376489105f74325787877a7570ea63

SHA256
21c0a6febedfdbdae759f2efbf4a6390425162f1ca7855fcaf20710945813f94

SHA512
07f1ecc434297b41912049a9d282b726ecb833e96842acea4237e34050daae7074dd28207426f7c6a136ca337a6a5f74cf1db0930d9e90fc8d63c3f4b39fc81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
10000975a4808226deed02a0f2f2b04d

SHA1
da8412c34fb9a0fad537fcdf14b6c59458fc5fcd

SHA256
19599e66f72f02b1a644471529a8934d741c0b01a66e7b698f5077ad5118c8b2

SHA512
e10b5d0e999827f12bc37f03ffc0b944f6afe81bb385f7fb8d54360045bc895c283fba25df4e1095d315570a32a3d1e6a6f9048802b531a0862a3dc053e2d778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6d013cff3af07fea2e9f2c69bd887706

SHA1
68fc37130be5dede42825b59bc8de0f363e78fab

SHA256
455f555a2db44b0dd09a8a56e238b7561cae705e110b8aba4d15584c9faf199f

SHA512
13f66e75da3259a826ee390b8f3438c532b272a68106ba369d30b8c33199ece0e0d467feabe575ec041e8a45865fc22d4ab0405b5f417ded33c52580830c0f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
33ea039e2d04b746bc5c97d6a99778eb

SHA1
09218b8f0b271e9c5fbce9c8b30cdd805c1c58cd

SHA256
c53831ee9503f8640e239f14ff38b13a53287e999808d8844c899b3c334aab08

SHA512
a646d4c4c8695423a06fd068ff20cc46951433f1239c431531d5b96de7a590e429d1e8276eda7170f5b61feefcfeeb80ed376777ea9cc8394e18014379334f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2953b92296bba8fa615c8fec2d92b3d5

SHA1
db59d76979318806871573c0f49858e17201160e

SHA256
d2b59834d1bf5b598f1f927fb6884bdfe4dce525fe6ee662d5570e191f71a39c

SHA512
6b76f270dd2bef8b103d24ce000f44ee662c40066a6b447f7d417f1a3f8e77b9f77e6345b91eff558ab79f33e1c6bc45050fd5a154ccfc701d05ac7d28075a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d1829efdcc78c1f00e1e06397a663870

SHA1
7103e59067d413866c0f3f7a85cb26792bdbd3f4

SHA256
82c028007de2943f509ce0ab3e38dfae93e3507a9f098bf940b9df3c2b5eb237

SHA512
2642a1c0c6db704695abc08e59117200571a23cf212161f22dc0fc252ff8cbca0af02ce2561103c72da962ceb344e0ca1e9b4e28eed25c4bda1528349d434ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b115ca2a6f017408d9bc471315c722b0

SHA1
4f807f4c5b0255b3af9779985f8fbfd99756eb8f

SHA256
67c99d4297cf65473a2c6d64c71818bd2a90d362ae3eded311a4e8545a357c8d

SHA512
38359fd23728d26e66ec109114d09a43b554327cc38e046ecdf855102601c0fcc686f0f3cfb7b7c75997c813850224fb129993efe32305c525865b4f2127a0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef4799116fab1b91047ef43d364cc5c6

SHA1
cc49fb2a8f1c56a6feaaf1f4a7107394bf4dc86c

SHA256
83f32298d99f83ea1af1d6b02e2f9e71ea8b62c4cd3cc4ffdfcd3c3812593595

SHA512
5c22a5d45455f37d88fd119552f7aa3e3343cb2f4786642c47bf704b746d3aaad7d90a8bf5ac8df9f5def4aea8869b8b4e8e86b1bfd21222e57ac6cd958217d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7f843f7f3c76a564c42585fec49e8832

SHA1
b463193304b74b781611aeebe78ae790e862e48e

SHA256
f5a881bd7bf761dcff4dab89607a5d38963925debe03b59cdad57d8072c7b2f3

SHA512
82280b5beae9bf32237f188fdfe919364a3288e3c3c57155ec70104627c332e79f246949744dbc19ba39e2782b96e23c2e073771cd291baf99b55130117a188b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
537e9b14ba4c14fa0efea5339c8875e8

SHA1
95d8633be185f599df36cc83d0b236126b23ca5f

SHA256
87730cf3c9ab4682f352cb5fe219ac46ee6e110297a9890d811e52673f63fac6

SHA512
3d05d9deafc38043ec4c1ec11c5a34e5b87fba0bf3be5940c059c4707001dd480adae4b81b8698ff1b48a3a7f89ebff209bdb238aed5f18d3dbf73082249305b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8e5b482ca961104b9b2f82c26d94c94c

SHA1
7ea0c2a3a929b90850a9a60caf9ee66b08c37518

SHA256
a44078c1e99bc927a45d84bc426a07a74bf71269615c89601f3fac4cf40b9a49

SHA512
24678bc6f10b27fca3c5ff531637183a2c51b41f0f922451dcd816864c1f3a0b314d71c183a15c1cb0fc55c73c7b8f40812733afd0710d0c38502bfd0eedda17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a3b10667d1744d074841aae7068777e

SHA1
68ae5587bce46157ddb4c0218c2507b60e0fd0fe

SHA256
25c00491bb87d31664617e2424ce156243a1d32ee213e2e3ee74853fc067a0f1

SHA512
ae998e75e7d7276add9525757885664bd9df20e5fc7aa33e9814a4cfa9dc038c95b60bb6853f13ace92d82ad663ae02823b52249473b28d2dbc8f27221bc8f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5836a1587aadcf0aeeef0989237c57dc

SHA1
af700fd90afa5218837c7d4f6d772297fb4bd151

SHA256
83aac777cb29824feddf776d39350e1dedc1b06eea363b4db04c41dbd31fdde7

SHA512
6616e7680f5064650a1532ed03a268829c6f1561ef89b6481644a161a622c7b09cf0d2fa5ba444b4f89534a1013334fedffe9b501af56b741a3484086c3dcfad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2cf5cbeb1da91fd6c29c6859e88eb3cd

SHA1
35689795046f79f04eb9fe2359805b5db345cf19

SHA256
f830bd324a0b8fe4c08672a6ad4fe84a283c4c474ffb2a723ad66de0a4d68228

SHA512
d62ee4fa3332b75f6e668d9b1d8feba6a4bde504f8dc1478cd488982eba078c8ae7a221534e0a70a3a50109de5be883fefa3c2fd5106834ef51aebda85e6c5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
69a5f4180de3348bf88cd67f271d215f

SHA1
bb4bc8275ad45fcbc275cb5e8d14422192cc13d0

SHA256
329e53d2965df667bd7a72e61fed551acf7769e147f21224353e60d6560d0f79

SHA512
e22046b82fa321d0e0ebb6495b93f2197f960296331cca4161bd160e720d35f2f0d80403b7ce20522a970f658434b0ae0d71f0f6a25df424b8786178c6bbecac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
544254463f6c457d60959eb0961f1eb4

SHA1
cb93d26066bbc0e2ebe2e48837e9c1abbe15066b

SHA256
e3c5e677823b39714c0cf0c2874bb42f6401c4aa52ef02beecad61050495af8b

SHA512
73cd16514e81e24b243400bf7960020b05fa3b8ec71caee4ce88f8b1857705997e2d75eb294f02946b3fa0dfd0457e41e9acb2435cb37a582a346ef784972145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a107e00883c6e1305cc6bf19d2fe3dc5

SHA1
74e8ca6e6aa270019deb3567125eccc71ab73eb9

SHA256
d1bc7a1c202cef79ef6fafcf3f6e4e809a3859405341dc62a2c6d6ecab7069a2

SHA512
6af8314aa88ef0dc6a173600fafd1f6f10123e6fb84d5694a2029e8af72e032aeaef859223bd1af43e21587456e55df7004e6e03f660ccd50dbd7cef42bd4598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
be0efcfa84444c62235f9a612bd14b21

SHA1
dd4275e209cc32c3d4f66bbd50816969b808eadf

SHA256
395d016fbd7c518bf29df1b998a33abcded490dc927606ad6dd2a4819e353ebe

SHA512
1ff6e577af11e5248ead135529cdec4ab2b8bfd14967e911dea9edd824e584676f5b19f3e9960b1c64453bc62f3e37285e9f2f3d8abab5bd0e0b3f3b159f72b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e08a46ab766f8a2d2d51763596cddd1a

SHA1
9cbd6a676293ad9b2aa6e8291f4cac72447c01a6

SHA256
543839689c878344fd8ea239a2b8e3f8a0b20b459ebcc15c7746906dbfe54959

SHA512
a2af1ad5f4b573b12406986d621cef220df993d3aca135ea7d308773ca5dd28a07295ae902cbb779181528e239c5d61f957009f3f7d63cab3fb98f774a8b4989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a5e2526c5b41bb7419435818615066c6

SHA1
c2125ec523f4f5208c4e935a933ae6ff8e6efaa3

SHA256
bd9ba146861f7ae02fd454c549ae4de1d81279fec9c03e034eb94bc07d0fcea7

SHA512
0e7f4b952c8e5bc4b5c736b0e17bccea8f4abaf49c0f2ebb8aa3f81dd2917931eec7c43f1e6ae6aa47640d55fbd2c532e3d02217a8172aa0acd3cfd3b9db2a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
617568d937e102cde664ad06341bce29

SHA1
c596b2f12c7317c7890bdc20d9fc5977ba56e7dc

SHA256
dd84d4aa4c2e10a1a46d33423e4564700cbca8f359589c83dd55970100be4594

SHA512
64c65ef545e3f1bd8cb9cb07b77e3dc50dabbef384dcfafe1bea4d246a1cff535d0e4190b46f0e1985b6d4162596c9d72e3991cdcd56b0204b1b47e6288935ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddf0e44f47400146ec2046e63c836eb4

SHA1
05f291777396f39441a411e00a49bb6402231036

SHA256
9b7b35933685b612c4e9c139ecfead4dfeaff438b2e0f17ce6643985cf78b6ff

SHA512
40e5beaf3da8998917853c57f193de97b4930279deb470a977a516330f5529a3df2015191d06fba1085833858a5b07f04afe6c1e04743fb2e1797b4305299373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
10b7132c4fd6bc1bb0b15231e09c58dd

SHA1
5120ffe59268d98c5149b705d23c3b2c6e6363d2

SHA256
646d37e188a48b84cf7339a60bc278dda50d7e32f69e3e03dc56ce0ddef2c6a1

SHA512
353785bebdaa24a5ccb500b91399869f9d9af4b4761b66b2e97687bb3d29e71dc622e1ffb3848b0a0cefda3540da40b2a6be8f799de6f354eaa1eacfb91c2d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f3f0f85e913b3f7fd6a55ba05a700959

SHA1
fce7b4bbe2baa2f6dd37a4b8c09bf98f3e5154ff

SHA256
cc89a324706400f484e10b1f5fc006c56fb63d917f863594aa5bb4579aff95ae

SHA512
f9f635c862b66167ac810bb73a3da208ac89754ea2164f75d38cd6c13d4a3837dc52b38a0179cf1eab6553b6fb6258740bd858e4db082eecf2e2fb895ea2b24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7636536763c3fc1e5631c7c44fa520f2

SHA1
30358456237ff995dc3923e5729eca76e6151920

SHA256
6414caed06c036c12e06554a42d5dc2a4114a63c6c41e6e34c6d83fb7a36b148

SHA512
8eab0e6ec30fe3ab1e73a3920192a364a68b865c86c8aa6c469ca8006202fe1d1c79e81addb4e9ccd6038859b1fe34af67f2e42eb45824bbb2655a53e5eeaa82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
58a4ad951edccda3c2756f51a4766850

SHA1
f4e8bc72fdb15221a2a5c5dd40c6143949f008bb

SHA256
a91b486264dbeb5e4111cee214bebc957c12f090dc3809878616b2d634b0a491

SHA512
93b3f9d1829f737c0cd4522ff43bc7af452848a4fc86e67f07cbeab816816d506705975fe743a94ff4c3682e45f3c3cb0d804f5f12336c5e9f0a0e25b4d5fd7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5849fda8b55f5982db2ef378e19d911c

SHA1
de9e46bb07ecc18f749e4fd32ed7ac9fc6e2ba23

SHA256
54b7eedf332129f72e68f377fad9b26fb6b8e07a85bd18d595d4af177f8e051e

SHA512
d5c18aadc519e566325186f810b37ec71590503a9f9301056bc9804d9d8e28c17cca1b9649ccbd8517637f6f59fb4901fc385fd80299ffc69a2c1c054efc3e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
66ce02b62e0cfcd236013b4c0d090aa8

SHA1
8aedcbfc94aeea0b92809f88fd09cd5f02db54ca

SHA256
7d3876b0e2ea255760d32888955bc69c5669480ba6d1e082944059bf0642c9cf

SHA512
7376ffa51b3965fe55918554db217802f795142d755291619f4fdd9c84f44ddaf263e1e2219365ec40c5cb2cb9e53c1160b4f4ad4ef56febd949a06ba62db5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5a5b8314329cabe6f3f180c9ebb8e156

SHA1
2269e2738fa57f1ceb56521a8c4c02e4d93ac99f

SHA256
cf40d5089b53649a71ff6c29a69a683467b73c13b52935f53f87414f80a3b176

SHA512
c937b80b9941b25a270888cf1b3ccb7e0693ba66913ef2e39a33e55bd8739cb86479200e83c1b7e026f8523c263ba836e9bfe1fe1d9509c6493ea92c424e5cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6559edcfa73f3eea75b0c7472638669f

SHA1
d017d638e60b75b09ba55eff10ac92849ff07183

SHA256
d7090ac375f95cc96b08692ce1ec59ee4b93aedafdcc9fc14c945971e2248e1f

SHA512
d5fcf2632aa2173e0197b56f775e063b618242796b64ec36e8f5dc010c2b05da7cf7b734698e4f509bb3414f4ff7b391ecd4371b0863db9b451d8b88b7bbc191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d2415c427cbec1f8f6f1576bbc62e6cf

SHA1
4cdd858ab5b535b432da4775c12141fbd8956d5c

SHA256
e19a058c4c77ded5ff8cb164a5349d67a2805a6277ff6cbe16283b12033c7d2d

SHA512
abfa7c752fb10850d6e39f13cc01707961b4a212885e8f01d5ac94e8a8ee549c501dd1a9945a3f80a5307f77b5dc622c381ddee87cc08cca799a2527b747176d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a74675fe619e7cdef2ba0af2e1d0334f

SHA1
274f30f292b3674c4ea4713516d7f80abd6e1567

SHA256
9adb8cf1eaa45026a9e292e7fdc107b3d54c943a857009df2f14511e66cb00b2

SHA512
27a9c7f23908ade0b1fb48ddc8185cd6d75e2f177fada44217edb5c1356bb9cb17671f8886326722cad688e46eb782175e4b4201b7fb14215a294ffdf6a33701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
45835104db40b518f8eb7f4e3e5ac3ce

SHA1
9ab698fe97c7165e20844dc129b2d967c7945262

SHA256
8b8cee54ab48dee82253a68714c4f54bade77652623b3751e36b06deee67979c

SHA512
fe46042278dfe0de7909a9fac4be8a509fdca2fb942b2170bc2e2b8b704875dd37ff8fc218d1d2aabe049297080377310f9187e2df4064c0821d6c116c94d77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
71afd97e1e2eca8f1bca8c2d323ccc2c

SHA1
133bf4a7734963b53713b2caa8118d41a8641391

SHA256
785d8a282a94ada3009a8a7f19b43e7fbcefce9555b845a1ea70366f464c5612

SHA512
f140375db5f5cde423969a71426fa09b0a62b98425a93cb6b959dad5515515bbba7e1ee5cca111ce85c7c3416e33bfcb452f81c53c95084732f4146ec3d76619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe63553a.TMP

Filesize
2KB

MD5
8b95b135cdf067b93d2432ecf7369731

SHA1
603e3c6f3222a3a30d8c3d90f42cd6b97faab1b5

SHA256
39f4bbe1fdbada1c3b20a72af4978bfd3c8ac57ea509462870644c5d206b8f42

SHA512
b48f5508f40f6cd2552d6c12a2620cad41d8dc91ef1db17894ea6f7c69666f3d470763a72968b8d94e579d3f4cd5ed48927ba13dc626eda028855628a76155c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4bf71a0f3bda677e3d26dc0188853e20

SHA1
4c22b861f14db6d967dd93eb87529865d30253d9

SHA256
02ea42df1925381999d6161a3e4dbd94da881b740508c7acac61d0ddd7143a2f

SHA512
85b0ed1203ee11f735894bbf3e8d3a62b19a75e3746ebcd89ee3ca7b7327e12aedecd84c25ddd595c02081cf5b3f7d579b6d208259e189409786966b26de6704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2c9e184756df6747b43a55b5a4b209e5

SHA1
f174c07ea3234951f5cd937b10275131a71b1b57

SHA256
546667cda7a9929844bae2779f973d0bcae93dcef5cc6f3ceeb08ae938797af3

SHA512
a7f29b0a131984dd67e8eeeb999733c4f8646db4ae4bce5d312bdcaeeecfd53ccd4ce1f060bf4f1339286254edd038b70f3f734467b7d4abd962b4631fefb9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0c7eff81379db4ffb8727dfff13deb04

SHA1
7e72e3ee4fa79e7764d9fd193c843eeb33c5ad1c

SHA256
d504aebf951ed544ea2de846eef1887b05c90627dfdfb57dd45a2de456068bcf

SHA512
d614c0791f8ebc9b9bdc1f781fd7e3b3cdeef2d5a8dab62a3604743bff01c35e1644e3aa6856b6029abb672ec80132306daab4a71283060025912287bbebd792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9684fa743269e4033ca0326042dd0885

SHA1
a7591856c197c044fe1c0191181c9ac2a39d862a

SHA256
f2ea3dbc811d21827e6eb4ed8f5d82190d077499b5ad1ba74352cff4058012c8

SHA512
85c79fc8b2322185983e63a019003c3a0fe34519d21d9d5311afabe0bf15704d1228dbcf285be8b3cd6fb76ac35e429d29627cd634335c4e1deed19cbe963e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
35a0da6b779750816e6f152a946d88f9

SHA1
ea77feca847eecf51e913529d5740e78dd7eab37

SHA256
02c3ef05f7fdbdcc3fbfb412be8d2aedbcdfc6f84a5bb5e3128a7089c70f5025

SHA512
215abcea2389ddf1e3252ee4d36cc6f7dda1e4ff1e1b91417b4b06fae42c5cc82c18b701c542b38412ac64ac55acb7f3883e67b879046dc177abc245f2d607d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5a28b8d72e0a45fbbe2405a1f09ee477

SHA1
b3e0ba7a458178f991755bb8b5b0622425a56ff2

SHA256
ff92bc8849b57ea96dd1b861b75011d717038feca686405531c6074f71c45dcb

SHA512
84d5f52ad37608e2d01e6d757cb193ce78ef980b5e7da3f77fe94e5e254b8f1fba2f7e778e39ea3fbbb60a69398ee4440d2b46a85f6a3a5aacd5fdcbd59654d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ad0ee2a8a1ae95b0bf0aff4fc9161073

SHA1
5774d1d7d881cae7468bb0347b7e42eb0d63f3f7

SHA256
7d6fe7e55cc34ecf417133b052e33e5206a97131efa26d64fcb60f3ff1221dfd

SHA512
8f66dd767e98d66782f0a6462ac548bf33efdeec52ca02235639781126912b1f696d35dfcd983e72194e8ef083dd9096362c9d2c838f46a61b2e38f80c1571a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d550dd698253148206934adc70a4fb8d

SHA1
41f2cb98b001da871414f467450e126d6f5e7fb7

SHA256
91940790e999c72982b44bd04e8a2d2c1339cc69cbfb359151c948ed403fd9b3

SHA512
c015f52d85d5de96475b80bcc40d3ed995528d8e96fc54f8e135af7f4f084bcdf62fafd8e8834944b293764a58c87d15833836c53e27d33dbe13c94152fab631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
053bb4419d8822af4bf18458be3c7e67

SHA1
579d8aadb77be5979f5fbb821d9afe96f2801229

SHA256
5002b50b2c16b9348326e02f380113603d9ba454dc4c497def67a0023f6904fa

SHA512
5e39ce0d7189bcd8628c37cd7be86ca6917bdc3b59b344d80a50e4307ad51e0c75fc8985c6f5412ae36e8bde9c10b5c86fb67f2d3d1f0b678aa7d752f770d7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b9e4f3e017efb803d71da66650e57a19

SHA1
f8277fea670c698c37a04e999d619b44d9e2bd37

SHA256
47763938af6a2839fe2a09b18615203009080a6725f56db858bff61b1d57a07a

SHA512
716dd160642b332842596f9949df222e278044184ffaca2edf44b7d9421a15a29f77ea39d24bf1a49e76c93ffa459429164211bc36c2d791fb2711ea005503ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b79c8161e802efa062cd91962d35cf9c

SHA1
29852d8176fae9f828023f7e1bf39505d1b2501d

SHA256
8a3ccd132c5f4b82f67417e072a349e6e15d66fc33772d9e05f98bb2b35669a8

SHA512
6f8f8a858c24a1e4c77a4da5dcbcf7c60c0e74f812013665d069592f922a8b461aabc976d8cdd4b1faec0db7cd24c4adde621dc635bd174136fd416654181f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6b79bc2bb4dbd7b2cf799a92a218c535

SHA1
316a30e4b81740357329fcf48d083d1971c5f37a

SHA256
d00797a57ff7e02888f2c6c7e8ef1ef5c11d94606996e3d9d4dc635e9dff526a

SHA512
2ea3631fc12b1d9aaf8b7d03840868a15ce8a5009ca8ba9d1fd0842f4252a0ac41b04a8343653cb76b675b4f7b314cf1c519f4ba9980ea47c30b1ab6c2945add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ed0221f72e06b0eea4ce769666ccb4e0

SHA1
8b96ea1bef6d73596425aa57fe6ff3966a97c3bf

SHA256
82ce84eba075b49307f3be351185c1c590296ab9f2569016d2e9b79458b7624b

SHA512
7a9957871033051ed347cfe03fe74d7036f0927990686cfc005acd2d8a946ebae1b4c814e9c7b8adf12b56a4b018e45367e01a92cb9c637bc525b483a2f628ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2df854167dcfd306b0297d3972dfab19

SHA1
440e2924ff5adb650901fb0b1c022e6820880092

SHA256
80d4ac9e77c6b3609c27f3f7c5d905209f26f3f5407c63f4027b278c7b135f9a

SHA512
b3265fc3b5ef16efcc1edbefdf29de39bf8c43ffa608c804d4d57745b10eb77c85fb2947b27be1c82d6330db631960f36f4c6a066beed6716010938aae83cde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e436e86ce6b39f7c13f9bc7cea228e59

SHA1
a60dd52a7e9302e00fa98c3c81cf968e89d43baf

SHA256
816050549487de6ebb00fb860168291179157628c52ad523c632bc4623571958

SHA512
372f796bbd8623e9bd95da20a2fb6b0de153c8ce1c6815f041c02383d3637de2fc7733ef7031e9904deceeb42c4935b8252bdbdee446db8eef04708868fdb6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e73744264dde0e23912908d7ee995285

SHA1
0fc999351a4e7ec9fd2e417f748c7bc3d1aec0d0

SHA256
8454822a76b7bf2de658a06f0eb6556d966236d9c66cd5c1ea688566abcc6d2c

SHA512
3af551fb713fb7a7ebcd32f8edac605ee44fb2625daa3c996f5c7b222cd709b7e19c8587229c8eee046e43d09115e9208abc02a4879266a5a07fa320e6f4edf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08d32cd2cb5617fe36d43298952ac8dc

SHA1
dc6065a3925aa3ea33e1b0252bc46723cf019aa6

SHA256
6d0b1ae995a8153a7d4bb0d59c62c9063a0bccc2263cf5f3767451664a262d13

SHA512
417b8d7657e3c32c498041be94de3ec29aeb2aaa7ee23bc03f11c056878c410d6415a006e85305280034410510f0d6fc56cb875ff6953f281f4ec9af327026d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
13e319fa44ae6514f50a4a0c0d3406db

SHA1
d823d44a7e6a1a36f4eb159ddbdd7d0e494f55f5

SHA256
029d9ba83612330c38e95ed0825bfd0253bca562773880d6c50e60fee1791a34

SHA512
2ef772253a37ba06c2ff68bc7848c5f41f6c6e1b846a9b24e4bb55e94fe7d7d3acbb4ae5bcfd73618da9eb6f39d743a9537591a579c7990dc192c8e1b0f0fb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f797dec060d10a449c3373d88630168b

SHA1
25dd501d0bcbc566e30c8cf4f357b83f9e22e0f8

SHA256
7bb33c246a07b0318c7e84577995a5b7c4fcc9470d969abe6c0d4f9e394470ca

SHA512
5976eea8fc1af4f1e1446fab4b29325d728e04447928ab227a6838c61742530fc51de6ec2f2e5f7517839fc241449972f78236bf0c66cc8f1b26bc528c5621fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dcb0e64b3e025ea936c697f09840d0ba

SHA1
e2861c3255cd2946e01b6829ee5c12eaf7a8b6ae

SHA256
7eb0afe4c59eed9f5c44f5b88a7a330c15dc6f865773583d623a8f611c45ad1f

SHA512
9e8c586c8f3957cdd81369b09fad1408255f9769563cc386418683e60b98a5461e0e4b212a7c2eaa7d29b2adc1759e74184c4a95fa0b48bf1efe55a348bb5304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
95926c4e8e08958a21ae198a6905f464

SHA1
a2e06e6c270766ba725bb5f74823c2d95aefea78

SHA256
0f42aaef8e7bcec0ab00b6808e6408473500d26f8339247e114fcbb22c104635

SHA512
83108c0b349084a3c8ef28db05e422e8cdc6acc0c7e269aaf25633dcbe6a6e84ba36a625ef23914295d72bfb4260908f87e8aac30ee748f16505558dae94b3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8b091bcd6ecc9927d00936717e4e66d0

SHA1
6e73a2a2ab5006e73ddeead915be0d1629dbeb60

SHA256
dc28e34002aca21d17c8244029005906b575d1511a7028c63c5c08b6de3c7095

SHA512
560095f715c07020d7f433f87458d5cd1a284c550248d01fc72143768c9de0d6454d64fdc358cefade471083bc4c61ff276a01cdb61e073ce0372b2c02d89404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4a3ebb977eb95bba22de2efdd1964697

SHA1
836a440a703a6c1ec1d1d1a53d0ee53d5c5f199d

SHA256
cb10c321ad0dbd2ee3a301f24ce10051c33fd109ad54a7c162011398a0ff9afb

SHA512
eeddd49d443ac4298c920c0a8a9db0ff5e1e48fdb177ec6513ab4857fc148511758ccd395df7985c451afe0090a9ffbaed2fe72959f92a942bb37d5a1d6cc544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4cc162f606d3bf246ecf670a0b4826b8

SHA1
3e288970f214000ab019f6f844f81f0c168744c6

SHA256
54574f9cb31c1087ba64a75b77db2953a2365b1a9926d8fa5adab1226f23662f

SHA512
4cf36e69973cb2ebff2d4d5b2e3a830697089591914f674d80dd0437ad7ca43a6c99093d40224836e86c2153fde4bc38ed34e522a46807e1ce101504534a3afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0e01d22e58bfec897c165c4194765227

SHA1
5be55b58f2aa45bff084888faa391fe84fe2f5e6

SHA256
2ced4496ec02698d3c47fa4d3c9ff69462901691558faeae9c9fd0f565b5c907

SHA512
c20f9cf5407948069bd6c134103e868da6b6fa93392881939893120710e625b5755d6bcc93bc7fd0e46918129c1851084f440782e2e4afd212aa9d6e1b338cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cd22f19e7e60c52f3ec1d500cf32a581

SHA1
b245a4be76dfc6b2901e945a174bdcf7b00a9beb

SHA256
dff319580737490c8a0c26cafb187bf089109dac7bca0a2326c7ddf5c49171ca

SHA512
0e8f2aa8766292600a0469a8e51efc24cb236024f5f90f14679208c6bd70412f3f8cf3c0af19c0f2c6263a54ffeb8c7a5dcaf67b3e6b703eec6784bf5c375eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9da5ca1c3f38375a231bcd0733d29f7b

SHA1
b98e3568dafa0258c3ed14a75335cdb9ffe72bd5

SHA256
932034f8c537e58e9a1e291542e92a0adfd42b28b2afc68adf59d8163f4e138d

SHA512
797e3da3f373962fd478c608a6c82681f50e0f50113d15012f2d905bb00a6faa7111b363c3ed1dd06423f1430be340397e8a576d604bcc29f1bdea633dba869d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f1319d1c6c4f37d569bae7f4b42e8acd

SHA1
ab65772f1bed1af82ab24c722f33fe3e45860e54

SHA256
16665cf42bf14a4673f756091d141fc7ddea1cecbe14af99aeacf1bc198c59b5

SHA512
3b6c6d0a2d60bae9ad295886b28d50bb0b3ebf3c5ecad5ff7cd8f853d814389bdb9553bb13fe783fe6560f5332a642b23000523fb2c841c1e25708b3d2ad6d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fd955dba20ef1ad329e44555d8170d97

SHA1
49e20cae3b164457dc7ebb9e3b20666a92ab248d

SHA256
03b694a7f0a7d7cb7f5a0b456f061a26b9a7d3ddd1051a365c964c4cc2b037b9

SHA512
410811ee9702be0a89599bad483dc2bf24b7cc56f32b754bf7e48b430f292f3099e82be17a8cab95f7716cc6fbf790169fc79d3acb31e2e17ff8fa241c3c1e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
84f4b233e79f66840ac2d68543bddc36

SHA1
594b6292e185d8400e1cce3323f105da1ef22537

SHA256
5259b2b13a91ab69568267a759eb6bb5f32edc533e2548fd229ce073ae5211e7

SHA512
dcdda436ff806d6a5d349b6807412d111cbe7bce75ed15d3bd903f3d0cc5494fb300421a686804e2a10ac73fad4c29c69b898797d7f16aef45bf9d9dc02c2f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
646e864d142218e0074c6720de2c7800

SHA1
4ce9fa13d8484365dda34d101d16faf22d3b8c28

SHA256
9842dc3e7f4ed0fe232ef3c8440581a3eae6a9d4bf973832dc1e8dbecec0e87d

SHA512
2086777a4de8815d61cede4a087dd5146a82477328e9c1d741745c361359dfa2d7f8d8fb3c29a22ba3748481e30fa6531864eaff11158099c84ad6b1170f2dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6f69e63be32a5834ff8a3d0570e204b1

SHA1
7e4f4bc9a7e752345512ab5c0cf7c7eb7cc0d292

SHA256
8a81c63dffa1be180fca6fb7a2131b36af334d5be764c8eef8f6b95333ea3d66

SHA512
0f0306b845da07e26fb89f64bdc88398f5002274fd6feac368903ac1f27f05df40630099a5379f80d2c79c47ade6ae08c0078b1fd0ea1220b31e7875bdee4d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dec69f787bc521074656631036d20317

SHA1
17ece05e812326abb5fc530ccc689debc861a948

SHA256
32d56ab8e23522006e442f021b6877cc29fd06fdb2273b72edc5364ad23d89da

SHA512
19e41cd50bf1062ff6854ec3da902191b02f3bd3a689f95640ca86fdb7bb627067e38639ed29e2c6002e08ad6ebcbafa5d80262ba9c8f333769ae84fdb375861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c2e919ec02aa0f91e3a37cd98e5f9499

SHA1
519226af553e636643ecbfb1d37c82db9144a051

SHA256
f72e1659484f9b2ba18c4e22d489a8565789e460f5ea5b9d77dfa41b14a74615

SHA512
3d12069ba6bdc1e775a5205966e5bd5ecd92f2ac58c496059b4c190051e8728378de0b49566fb6957e3e3e59ffe63d294973b2d6e2371e085e479fc13b1f339c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
301ae40438aee9958687ade9c1d13db5

SHA1
691df3ef27cc5663d7c24218bce5c4710c188ea0

SHA256
ef2ad7b6842f95599a4398f847562d10ae69289a3519f7da8aad6f31a3eb701b

SHA512
fc162b4c2f5963850a3dc810d94cd961a7244a082156629ce2fb772d3cd5c59bb0a05b9fe3dda1042097cf91eb22ae57aa52d1320746bc4c8349420797abe5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9faae8e2ffefd94a3cdbbf19d4d85b93

SHA1
df32e30b0c02254273fdec621cb68ae9ec2608ae

SHA256
54904c22946a0f11246823afe7049c5d8a9da321537c8291937eedc2c20e556a

SHA512
ec2153f08bde0b0b7dffaf7892bcdd925fed7cde185d47f39fff97d5157ea69af8818ac7133ef02bbb3f08dd9bf0ecc5dab3443b94979d24eb015100b27f4175

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x

Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x

Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\z.zip

Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/3980-397-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-398-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-388-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-393-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-386-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-394-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-395-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-396-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-387-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/3980-392-0x0000000005620000-0x0000000005621000-memory.dmp

Filesize
4KB

Download
memory/6404-1205-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/6404-1206-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/6404-1213-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/6404-1207-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/6404-1212-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/6404-1209-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/6404-1211-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/6404-1210-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/12556-3126-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download
memory/12556-3132-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download
memory/12556-3133-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download
memory/12556-3131-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download
memory/12556-3130-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download
memory/12556-3129-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download
memory/12556-3127-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download
memory/12556-3125-0x00000000054B0000-0x00000000054B1000-memory.dmp

Filesize
4KB

Download