734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
1190s
max time network
1329s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ 3.0/MEMZ.exe
Size

12KB
MD5

a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1

761168201520c199dba68add3a607922d8d4a86e
SHA256

3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA512

89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
SSDEEP

192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 60 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe

Runs regedit.exe 5 IoCs

pid	Process
4736	regedit.exe
6692	regedit.exe
9836	regedit.exe
6028	regedit.exe
7120	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3380	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4508	MEMZ.exe
4508	MEMZ.exe
4508	MEMZ.exe
4852	MEMZ.exe
4508	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
4508	MEMZ.exe
4508	MEMZ.exe
3076	MEMZ.exe
3076	MEMZ.exe
4252	MEMZ.exe
4252	MEMZ.exe
4508	MEMZ.exe
4852	MEMZ.exe
4508	MEMZ.exe
4852	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
4852	MEMZ.exe
4508	MEMZ.exe
4852	MEMZ.exe
4508	MEMZ.exe
3076	MEMZ.exe
3076	MEMZ.exe
4252	MEMZ.exe
4252	MEMZ.exe
4508	MEMZ.exe
3076	MEMZ.exe
4508	MEMZ.exe
3076	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
4304	MEMZ.exe
3076	MEMZ.exe
4508	MEMZ.exe
3076	MEMZ.exe
4508	MEMZ.exe
4252	MEMZ.exe
4252	MEMZ.exe
4508	MEMZ.exe
3076	MEMZ.exe
4508	MEMZ.exe
3076	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
3076	MEMZ.exe
3076	MEMZ.exe
4508	MEMZ.exe
4508	MEMZ.exe
4252	MEMZ.exe
4252	MEMZ.exe
4252	MEMZ.exe
4252	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 8 IoCs

pid	Process
3284	mmc.exe
5132	mmc.exe
2128	MEMZ.exe
6196	mmc.exe
6856	mmc.exe
2440	msedge.exe
10248	mmc.exe
9144	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious behavior: SetClipboardViewer 6 IoCs

pid	Process
5132	mmc.exe
6196	mmc.exe
6856	mmc.exe
10248	mmc.exe
11840	mmc.exe
10784	mmc.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3380	explorer.exe
Token: SeCreatePagefilePrivilege	3380	explorer.exe
Token: 33	6096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6096	AUDIODG.EXE
Token: 33	3284	mmc.exe
Token: SeIncBasePriorityPrivilege	3284	mmc.exe
Token: 33	3284	mmc.exe
Token: SeIncBasePriorityPrivilege	3284	mmc.exe
Token: 33	3284	mmc.exe
Token: SeIncBasePriorityPrivilege	3284	mmc.exe
Token: SeManageVolumePrivilege	4820	svchost.exe
Token: 33	5132	mmc.exe
Token: SeIncBasePriorityPrivilege	5132	mmc.exe
Token: 33	5132	mmc.exe
Token: SeIncBasePriorityPrivilege	5132	mmc.exe
Token: 33	6196	mmc.exe
Token: SeIncBasePriorityPrivilege	6196	mmc.exe
Token: 33	6196	mmc.exe
Token: SeIncBasePriorityPrivilege	6196	mmc.exe
Token: 33	6196	mmc.exe
Token: SeIncBasePriorityPrivilege	6196	mmc.exe
Token: 33	6856	mmc.exe
Token: SeIncBasePriorityPrivilege	6856	mmc.exe
Token: 33	6856	mmc.exe
Token: SeIncBasePriorityPrivilege	6856	mmc.exe
Token: 33	10248	mmc.exe
Token: SeIncBasePriorityPrivilege	10248	mmc.exe
Token: 33	10248	mmc.exe
Token: SeIncBasePriorityPrivilege	10248	mmc.exe
Token: SeDebugPrivilege	9144	Taskmgr.exe
Token: SeSystemProfilePrivilege	9144	Taskmgr.exe
Token: SeCreateGlobalPrivilege	9144	Taskmgr.exe
Token: 33	11840	mmc.exe
Token: SeIncBasePriorityPrivilege	11840	mmc.exe
Token: 33	11840	mmc.exe
Token: SeIncBasePriorityPrivilege	11840	mmc.exe
Token: 33	10784	mmc.exe
Token: SeIncBasePriorityPrivilege	10784	mmc.exe
Token: 33	10784	mmc.exe
Token: SeIncBasePriorityPrivilege	10784	mmc.exe
Token: SeDebugPrivilege	12692	Taskmgr.exe
Token: SeSystemProfilePrivilege	12692	Taskmgr.exe
Token: SeCreateGlobalPrivilege	12692	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3380	explorer.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe
9144	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2128	MEMZ.exe
4492	mmc.exe
3284	mmc.exe
3284	mmc.exe
2128	MEMZ.exe
2128	MEMZ.exe
5964	wordpad.exe
5964	wordpad.exe
5964	wordpad.exe
5964	wordpad.exe
5964	wordpad.exe
5964	wordpad.exe
2128	MEMZ.exe
2128	MEMZ.exe
5620	mspaint.exe
5620	mspaint.exe
5620	mspaint.exe
5620	mspaint.exe
2128	MEMZ.exe
3976	mmc.exe
5132	mmc.exe
5132	mmc.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
3516	mmc.exe
6196	mmc.exe
6196	mmc.exe
2128	MEMZ.exe
2164	mmc.exe
6856	mmc.exe
6856	mmc.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe
2128	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 4508	3980	MEMZ.exe	90
PID 3980 wrote to memory of 4508	3980	MEMZ.exe	90
PID 3980 wrote to memory of 4508	3980	MEMZ.exe	90
PID 3980 wrote to memory of 4852	3980	MEMZ.exe	91
PID 3980 wrote to memory of 4852	3980	MEMZ.exe	91
PID 3980 wrote to memory of 4852	3980	MEMZ.exe	91
PID 3980 wrote to memory of 4252	3980	MEMZ.exe	92
PID 3980 wrote to memory of 4252	3980	MEMZ.exe	92
PID 3980 wrote to memory of 4252	3980	MEMZ.exe	92
PID 3980 wrote to memory of 3076	3980	MEMZ.exe	93
PID 3980 wrote to memory of 3076	3980	MEMZ.exe	93
PID 3980 wrote to memory of 3076	3980	MEMZ.exe	93
PID 3980 wrote to memory of 4304	3980	MEMZ.exe	94
PID 3980 wrote to memory of 4304	3980	MEMZ.exe	94
PID 3980 wrote to memory of 4304	3980	MEMZ.exe	94
PID 3980 wrote to memory of 2128	3980	MEMZ.exe	95
PID 3980 wrote to memory of 2128	3980	MEMZ.exe	95
PID 3980 wrote to memory of 2128	3980	MEMZ.exe	95
PID 2128 wrote to memory of 4192	2128	MEMZ.exe	97
PID 2128 wrote to memory of 4192	2128	MEMZ.exe	97
PID 2128 wrote to memory of 4192	2128	MEMZ.exe	97
PID 2128 wrote to memory of 2784	2128	MEMZ.exe	108
PID 2128 wrote to memory of 2784	2128	MEMZ.exe	108
PID 2128 wrote to memory of 2784	2128	MEMZ.exe	108
PID 2128 wrote to memory of 2440	2128	MEMZ.exe	112
PID 2128 wrote to memory of 2440	2128	MEMZ.exe	112
PID 2440 wrote to memory of 5088	2440	msedge.exe	113
PID 2440 wrote to memory of 5088	2440	msedge.exe	113
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114
PID 2440 wrote to memory of 2828	2440	msedge.exe	114

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4192
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - Modifies registry class
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:2828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      PID:3064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
      4⤵
      PID:3716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
      4⤵
      PID:3372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
      4⤵
      PID:1124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
      4⤵
      PID:2152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
      4⤵
      PID:5428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
      4⤵
      PID:5444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
      4⤵
      PID:5624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
      4⤵
      PID:5632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
      4⤵
      PID:5940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
      4⤵
      PID:5948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
      4⤵
      PID:3852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
      4⤵
      PID:5612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
      4⤵
      PID:4560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
      4⤵
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
      4⤵
      PID:1932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
      4⤵
      PID:5556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
      4⤵
      PID:1400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
      4⤵
      PID:1916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
      4⤵
      PID:5472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
      4⤵
      PID:880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
      4⤵
      PID:5276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
      4⤵
      PID:3428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
      4⤵
      PID:2928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
      4⤵
      PID:4276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
      4⤵
      PID:2288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
      4⤵
      PID:2284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
      4⤵
      PID:5732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
      4⤵
      PID:6120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
      4⤵
      PID:5004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
      4⤵
      PID:5296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
      4⤵
      PID:2292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
      4⤵
      PID:6596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
      4⤵
      PID:6696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
      4⤵
      PID:7056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
      4⤵
      PID:6372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
      4⤵
      PID:4748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
      4⤵
      PID:3012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
      4⤵
      PID:6880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1
      4⤵
      PID:7016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
      4⤵
      PID:7108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
      4⤵
      PID:3836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1
      4⤵
      PID:2180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1
      4⤵
      PID:6408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
      4⤵
      PID:3760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
      4⤵
      PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
      4⤵
      PID:2308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1
      4⤵
      PID:6164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
      4⤵
      PID:7344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1
      4⤵
      PID:7444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
      4⤵
      PID:8060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1
      4⤵
      PID:8152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
      4⤵
      PID:7784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
      4⤵
      PID:7928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10020 /prefetch:1
      4⤵
      PID:7684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
      4⤵
      PID:7892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10564 /prefetch:1
      4⤵
      PID:1044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
      4⤵
      PID:7932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10728 /prefetch:1
      4⤵
      PID:7620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1
      4⤵
      PID:452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1
      4⤵
      PID:4864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
      4⤵
      PID:2880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9768 /prefetch:1
      4⤵
      PID:7444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11012 /prefetch:1
      4⤵
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:1
      4⤵
      PID:4136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11084 /prefetch:1
      4⤵
      PID:6404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1
      4⤵
      PID:8272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11524 /prefetch:1
      4⤵
      PID:8820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11396 /prefetch:1
      4⤵
      PID:8920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11756 /prefetch:1
      4⤵
      PID:6680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11512 /prefetch:1
      4⤵
      PID:8408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10120 /prefetch:1
      4⤵
      PID:8304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11756 /prefetch:1
      4⤵
      PID:7260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10648 /prefetch:1
      4⤵
      PID:6468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12192 /prefetch:1
      4⤵
      PID:1344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12272 /prefetch:1
      4⤵
      PID:8536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10820 /prefetch:1
      4⤵
      PID:6712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11024 /prefetch:1
      4⤵
      PID:7084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1
      4⤵
      PID:9092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11684 /prefetch:1
      4⤵
      PID:9584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12180 /prefetch:1
      4⤵
      PID:9708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12704 /prefetch:1
      4⤵
      PID:10132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12772 /prefetch:1
      4⤵
      PID:8748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12552 /prefetch:1
      4⤵
      PID:2112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12752 /prefetch:1
      4⤵
      PID:9924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12520 /prefetch:1
      4⤵
      PID:9576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12600 /prefetch:1
      4⤵
      PID:9492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11832 /prefetch:1
      4⤵
      PID:7436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13076 /prefetch:1
      4⤵
      PID:9088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12504 /prefetch:1
      4⤵
      PID:9880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13260 /prefetch:1
      4⤵
      PID:9260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13212 /prefetch:1
      4⤵
      PID:8416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13436 /prefetch:1
      4⤵
      PID:9456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13492 /prefetch:1
      4⤵
      PID:7932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13192 /prefetch:1
      4⤵
      PID:7040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13460 /prefetch:1
      4⤵
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13548 /prefetch:1
      4⤵
      PID:10652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13948 /prefetch:1
      4⤵
      PID:10760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13456 /prefetch:1
      4⤵
      PID:8364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13728 /prefetch:1
      4⤵
      PID:10676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14216 /prefetch:1
      4⤵
      PID:3044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13792 /prefetch:1
      4⤵
      PID:10472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14176 /prefetch:1
      4⤵
      PID:9412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12788 /prefetch:1
      4⤵
      PID:9984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13448 /prefetch:1
      4⤵
      PID:9392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13716 /prefetch:1
      4⤵
      PID:1612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13716 /prefetch:1
      4⤵
      PID:10068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
      4⤵
      PID:5560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13696 /prefetch:1
      4⤵
      PID:11592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14404 /prefetch:1
      4⤵
      PID:11444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14732 /prefetch:1
      4⤵
      PID:5420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14596 /prefetch:1
      4⤵
      PID:8712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14000 /prefetch:1
      4⤵
      PID:10772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14532 /prefetch:1
      4⤵
      PID:11944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13716 /prefetch:1
      4⤵
      PID:5428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14536 /prefetch:1
      4⤵
      PID:312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14580 /prefetch:1
      4⤵
      PID:10396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13212 /prefetch:1
      4⤵
      PID:12156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
      4⤵
      PID:11764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13876 /prefetch:1
      4⤵
      PID:11764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13492 /prefetch:1
      4⤵
      PID:9032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14764 /prefetch:1
      4⤵
      PID:60
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13552 /prefetch:1
      4⤵
      PID:11860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14684 /prefetch:1
      4⤵
      PID:13216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14044 /prefetch:1
      4⤵
      PID:12584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14696 /prefetch:1
      4⤵
      PID:11376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11832 /prefetch:1
      4⤵
      PID:10836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14696 /prefetch:1
      4⤵
      PID:12308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14840 /prefetch:1
      4⤵
      PID:12588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13508 /prefetch:1
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13552 /prefetch:1
      4⤵
      PID:12604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14160 /prefetch:1
      4⤵
      PID:13244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14848 /prefetch:1
      4⤵
      PID:13104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14756 /prefetch:1
      4⤵
      PID:2916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14528 /prefetch:1
      4⤵
      PID:10068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14484 /prefetch:1
      4⤵
      PID:4736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
      4⤵
      PID:13940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14960 /prefetch:1
      4⤵
      PID:13316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
      4⤵
      PID:14196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18323417487033902406,16711777158524797293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
      4⤵
      PID:13808
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - Modifies registry class
    PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:2256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:1212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:5728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5672
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4492
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:5696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:1256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:2216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:4424
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:5964
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:3560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:3432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5704
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:1648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xb8,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5588
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3976
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:5132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:4160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:4612
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - Modifies registry class
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:4836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:2816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:6532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:6544
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:6524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:6212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:1912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
    3⤵
    PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:1292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5924
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3516
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:6196
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2164
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:6856
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - Modifies registry class
    PID:2704
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:6912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:6848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:7056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5524
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - Modifies registry class
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:2600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:7264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:7980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:8000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:7732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:6192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:7944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:6416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:8144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7184
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:6692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:1532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xa8,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:6980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:5892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7524
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:7912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:7964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:6568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:8740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:8756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:7324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:8472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:9120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:8276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:8412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:6760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:9024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:3292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:9520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:9532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:10056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:10072
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:9836
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    PID:9292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:9796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x74,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:6492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:9432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:9148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
    3⤵
    PID:9396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:8200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:9292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:9192
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    PID:8676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:9756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x124,0x128,0x120,0x12c,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:9500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:8916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7660
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    PID:6440
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      PID:10248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:10580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:10592
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - Modifies registry class
    PID:11160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:10504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:10508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:6440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:9868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:2236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:8572
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    PID:10628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
    3⤵
    PID:448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7972
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    PID:10388
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - Modifies registry class
    PID:3104
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:9436
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    PID:10436
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:10372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:10904
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - Modifies registry class
    PID:11020
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Checks SCSI registry key(s)
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:9144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:10188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:9280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:9704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:4692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:10364
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    PID:9652
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    PID:11508
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    PID:11820
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Checks SCSI registry key(s)
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      PID:11840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:12132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:11516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11540
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - Modifies registry class
    PID:3312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:11356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:9256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:9412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:9760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:11956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11940
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    PID:11488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:9040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11920
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    PID:11556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:11728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:11884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11500
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - Modifies registry class
    PID:9480
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:7120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:10316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:5884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:11184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:11056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:10460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7716
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    PID:11984
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Checks SCSI registry key(s)
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      PID:10784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:11872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:10484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11520
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:12376
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Checks SCSI registry key(s)
    - Suspicious use of AdjustPrivilegeToken
    PID:12692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:13144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:13156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:12480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:13224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:13124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:12644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:12372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:8912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:11152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:11396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:7604
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    PID:13268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:11960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12620
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:13192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:11796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:9384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:11904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:11688
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    PID:13620
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      PID:13644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:13860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x98,0xfc,0x120,0x94,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:13876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:14272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:14284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:13252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:13488
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    PID:14120
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:13748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:12240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:13468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96a0e46f8,0x7ff96a0e4708,0x7ff96a0e4718
      4⤵
      PID:4336

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3380

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x250 0x4c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:1712

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5684

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3220

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fc27d18-711a-4677-9c1a-4f4bbaa96797.tmp

Filesize
7KB

MD5
6d21f6ed21b2db2677fd75d88c7f05c3

SHA1
6c3b535a7bd5c8de32d49b87601fc4c17166cf25

SHA256
39d8a6223f43d8d74fb38d90821500514ebbd90a6a336e81f822fe237a59ac9c

SHA512
82d5787b5724a04edd473cbf4c94ea240f04f3f9e07e31aa9475496f40242b30de5cd4c2cd2ef12cb9db2076569b5cdf1d8df1f6100bfc55d93d1d24a8241af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
393192bc6735be15fdface32c7fbe645

SHA1
b595b2e2d7b170e42aed54d6ed4e4ea861b11c85

SHA256
ae92447ec1f3a53c00f06d25a971f8fb1d66d2b581a3dabb2774f536b07cd499

SHA512
ce95cf443ed8247d496475362617f8ed96e7ecca7f6330e845d8c3d7c482f2b1c38e22ff6bdb6d7522ba2d4ea84e7a20a0d4b430a5aacf89d6d870c8e24e5029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
16KB

MD5
68c477c4c76baab3a8d1ef6a55aa986f

SHA1
4af50379e13514558dd53d123db8ea101ec5e24c

SHA256
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac

SHA512
92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
44KB

MD5
88e4aad8874000d8f74fc868e2e740fa

SHA1
f1d7da246d2ebc34aae3ce6b5fa0e3b3d53f7e57

SHA256
0c2b3ce4e2356775e5252c95a6f72ecf604ae94a3a0437830c53448c41bbde4a

SHA512
ccbbb9752eeed400c94f9b89d797cb289c821b24aa549a636c93bcf1198458b3e388e5499d399a5fa9ac6709516a0699ecd07043b38b522912cdd7454e47da22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
17KB

MD5
0627ec86dfad171ba217bbc765326ed7

SHA1
d83f8aac9cb272a8825602735e3766f4975d5c68

SHA256
d53336707c39d1ec20a2b1f7399ca9f183c45592e215a42fd596dfa2dbb8ad7a

SHA512
a64bb605c4c4a1d3a3905155e9f52b4c59abb95fffc61aa1405d6d4e4687ac308ef4104f897770ad8c7001e40f91f68eb35041d693367a970aab2a86e80150e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
125KB

MD5
a23f2a4cd5992c32830e7fcb180c3dc8

SHA1
7115b9ac844ad552bd8d822ad92c1f6bc50d8bb5

SHA256
1cb7f7aee0678460726a4fc8e2c92d336d5ae78289590e44765e85d99ef9c6fb

SHA512
c2930760614fb22a466f2f80fd49588a9fb96dbad84758619939565d93b1018747e4287c64b83b043f1511a1b90a57d63c658fca3b9b3a1b8964dad9d2f77193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
85KB

MD5
f0a7f20802637a2c089df4b864b69ed8

SHA1
37250bfbfd16cd985880a4f840449e96cd6ac992

SHA256
12afda041905fcfdabdf38ec48d07fe3c902115aa670f4b328c17eb84899a57c

SHA512
77ecbabbac36f39d15b8b9d6d067c7ccc7df6618471ad7cb8df79bd3aa40703ec8bf451edc2183bd6429673850b812d0459459ae8b6db3ca9b7d3013926b5121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
21KB

MD5
d7530d93502fca34ba1d27c174ba602e

SHA1
47f79591767f910e931528578186c4560e9d8aa8

SHA256
23aee92da9b331c9aa0c03eddd616ac69b420bc887500584afdb7c59cda50f85

SHA512
1653bfdba6df329c24a75aa1e316e42bd5e39c545cd35a6baffa9760afe40cadeadefda71937aed79ac1eaf466a7ebe1205dfa37457073d78670420c3e90364f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
36KB

MD5
1520b83a25b02ac8ad7b8063543250b6

SHA1
701ff60e0c854226352b88ec551971afcb0bc95c

SHA256
2c3e3860c11ac9e5b7779f9c0edeb4f4384c0d09471817a689426aa02140f0a2

SHA512
590b88a4042a12b107f909ca0696b623b6948a682dae65a9b0cde11a5a8fd8da1ddd8eda9dc5562259f7cc54071c52bcecd11db0fd08b997bfc8c581376e0fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
25KB

MD5
e9288ad4996a756406bf5d71ecf86454

SHA1
83f8c657655c54b1a89cdddec136a0adebb10638

SHA256
6e3a858b382a60fed8c949a3962b2ba55ef3b8bf954a8c7439554cd178f0bc86

SHA512
6cf46f85f1a70973d08f96fd0f33294c38fd20879c7e26f563c5726df3eb507a3f49ff82bb2a46e0d0aed44e5f6552c56389835afb6632ef8cbf1175cca4d1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
28KB

MD5
0a327ee086a818d7d54af36baced0f6c

SHA1
74615f49b359a3a4c944c643f4bc7755c2177dfb

SHA256
c1a02eff7911883e25c8702d5f7f4cfc06a75cabe3f6572246a10128f5635962

SHA512
54a95383befb800138981dffc9cfd736242372f91dc26c1054238337d65d5d88bc39e2baa40f62db9a08e9d8b29a9d6efd319aa7f739addd5d4cdb55f2662f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
86KB

MD5
922d72de8ad9a1af32d0700c9c1f2281

SHA1
2695b16923c7bad94c292d88f24ee176ca604b71

SHA256
2805fda800661e8d6043385ffe9f0e75ec91f7a8715f8382419317c124661bb3

SHA512
7a49fc1d5c7d3409086a8716820bc997f96d348309ee33df68142b4c09894839f4cf4105f0f36e910cdbb9829eb9fd19b8a9a131db6219e8966dfd605de57010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
31KB

MD5
19f96c8449746bbda44bb4d71b9466c7

SHA1
4b8de6fff474cd0ef98e80175eb0964623efad60

SHA256
cef5ba8ceb1cf5584b3ab7c6b378cb05d96665d6e5f441006aef77292d3e6d6d

SHA512
bd8d01f36b0565d459432add7e6b05c3bdebac67dae3bd39efbb2731fac659a6aa9807cdc01d5e7a1e729107faa9d165756a5fa8666a9363439af6526f27f872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
54KB

MD5
8572812b1372beab32d2e7fe25cfb349

SHA1
ee432abefa9475a75f7acc73f5db5cbebfb6ef6b

SHA256
57ec6d41b79699282d950e19e3e74a436ffd1ccd9d170e00493a20753b4b7dec

SHA512
1770f225f03d434a64967aff96935b8fec60fd91b5f27c5cc1c7d31dfed9ddbe33e2ee6c90f46b13732701a293bad807b9d3a8ae4783a48d54ca0ad2577a7bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
33KB

MD5
c0a4d9b180cd2276de6895d5db59a173

SHA1
4e5b13ca7d0f84a688b7aa983b19002895d76a78

SHA256
1a5476cb00cf3d8cfe2f4ba85a3d3dbfc6ab72c86be5cc29fd8b9d9cddeadaeb

SHA512
c32726affc9c1865f15061269c591983538270f8f28b0fa0315027abe14c570cc8a416f6a8f461235f02f43d5176e3321e096694de7ad3aa4e2333e9881f8bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0779cdbd51a95a70_0

Filesize
327KB

MD5
088cfd235453d7b03ce2eafb030d2417

SHA1
0c4c04aca3ea793ec6c681d517bd896a2c7fa016

SHA256
b737d5823aac856cf71553f5cb82546f235f47137c3ae22a819f5cbef2863345

SHA512
c79ba9ec99cdf45234ac2b3ab150467fbb84cb7dfe65e942824083f38452d5945480cfac7165a8958f3c137428034e2b3c6dcfcf0f30d64f438ba9e1e6245179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\07f0f7fe40bc73d9_0

Filesize
333KB

MD5
34790f98235094a867597b4a71fab849

SHA1
5017bf9728493317aae60d8a90ffc4ba348223b1

SHA256
e872fe6dfc9c79e40d266c14e38b1ae10a9d73f7ad47af9d02988e07b86b31b5

SHA512
af20217dce34a80fe524b9efbbdb1caa27dda262a44500266c1bf2dcc66f0c1522d79dd18bf1fc449fbf722b504e32df12f3a0b020a40d54fdff02b0e192a4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2266ece5e7a75fa7_0

Filesize
387KB

MD5
1464925942dd8647426037828505e726

SHA1
f0f60c76035aaee9a29a0eca5ef3263278680be3

SHA256
cbf6f56c149c63992ba381d6dd8bd300c685a395eff74269c196dea217d44f09

SHA512
0051e916b02bde4def9638d272383c079281b358485b6e989e0e44c6743f86ba9a0efb6293d494c01fbfc0b0898b79a5cd359c60b21854a6d9280cee6fd02c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c40689ecf0fa7f7_0

Filesize
340B

MD5
4e5a22e21c164fcd6643a95e7013060b

SHA1
351171867aa76b25a779c5b3e60cbfbabd08be60

SHA256
b39825f228d408c4868856bec6c2d3020ae4968c1947e7cc358a032ed8b5e24a

SHA512
36290cc0eb04b704ca2899e7801e3b6605471241df5484db12cf8da8f32b0c2f0bbf3f6348018e03c9080c2cdfa646cbb33aa8b1a1ea0a5a1b380a8fc824f5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b35bf58af4fb50e_0

Filesize
397KB

MD5
1ae997364ea493eb05a36787c7eddb16

SHA1
bd04570bdb53590094190c38ca152e3fdf4f76e7

SHA256
4fc3daabd19db0d08ff9d0f9c0794ef25b912d4145b6ce8bae6d3950c18e44f7

SHA512
28b352d63788a347f7a0bf9476abe0fc66c08560d02b4fcf4a34998d3e609ad563e0cdaf6b6107562a9fad1638d14264f9200668e9ef32e3d5fb6d79675bed8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fc9361b63c077d0_0

Filesize
5KB

MD5
24613e839e6f8a463ad2a195231bc134

SHA1
f34af79bd7ecbe06a4cd0cfd1a986a034d6709e9

SHA256
230135b93cfac5dc9f66301464e590a48b9ae38568323ada706ddab094d7bd05

SHA512
89c278e19444f1789c1140efa44e78738adafb3b8b2286d072a11b47d298e348167cf4ba78d9d1cb7f9c907279082279a734755d4735bd01778e009a850e4531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52286b827bc8f59b_0

Filesize
255B

MD5
8a90d3af71188d7da7b910f8c1c0f1ac

SHA1
0c12da14cbd926d286b375af656360f5f5e68598

SHA256
f878d28213ac442a0e3fc4eb01e186eb55f914c87fd05741cc4801162532877b

SHA512
b7e8e7682a6d389cceb0f1d4afa3a28257f1d852768df51a495ed7f7f4550d1cc1d11cbc48f3c5d7112fbd1860e11e44b61673a7d44c5dca7f6b4648eb695f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5265415443741e98_0

Filesize
263B

MD5
6c270e7897ffc2ce2415932e4ed52a37

SHA1
f7488e48d2688786356afad886b9fd7a9a5b676d

SHA256
2425e0e57570c836a3d1214235a0185ad241efc90dd8781ce6b41aae25ed989f

SHA512
cf7ef765201bd14c94c88d3ab825e4370b55538b6545a86a844793526411752063575e57124ee0327e200e0918c5be1edbb2a5b190060d952367d286a827cfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c5bce7e97afc2e_0

Filesize
18KB

MD5
db1ba5e4fe9d45e71d86e3627b36e554

SHA1
0162f86878c01430c25d3195abc54faaf694141c

SHA256
46c453f8cfdb034b1dc9b30a0294a4980c626adf7827d3a54a065b1677623839

SHA512
6eb4a73692b7ea56a07c4f1f4c809aee19ad8e11f452f1def2f09da9175e87a2f616eea2431edc2b01cee8f94c1d5e52a20940fcbf85f5bca1a9be89bee0c3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c66db9677357f5f_0

Filesize
439KB

MD5
5bc8d8d95cc0d4bc3f8ec158e3494cb2

SHA1
d48767006f30d6ee1f3524c39484561749467d57

SHA256
8ab671c0c60962ebaec6fee1b6de1f403b825689d9650250f7421472187b7247

SHA512
d1fbb306795bbe520acc427b7c5c47b790573b9aa1ac1464e2d498f6a22855e447b1ac9b9cfcdd06d902594a19675569d3126f13e28e38d9f4db5b3e82ddf764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d989c1d38ba65d1_0

Filesize
397KB

MD5
d5ad772373c5a39ebf13b811963d1890

SHA1
f60efbd8cfebb03eedfc3d786ea3596f35a649da

SHA256
8f0c042f7f70e5bafba45e2b9ac013557782f0ca416fb9e9cfe3aa5a1174d5f3

SHA512
1c32380a1494ea8b67d1c7d05e747a95f4c9a5e17838a183da91ac0154921ab623bb352e26420a8ecb818e8f498efe2ff6881eb1c2a8d9b0dd3cf919705279dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\750c27a88d441f7c_0

Filesize
310B

MD5
193fd7d3d0293e8cd53d16b9be7af24d

SHA1
ea6959159808ba3de559b6e013804d15c96b613a

SHA256
cfcbd4bfcf80349471f8ec2f7b82a9a160ceb25ecc22e0d48404399e7f8c1e42

SHA512
a75f8848983eda338bc5745a0cf0c98dfffe1d8cf5fdc9dc596c5464013d49283971c2d3d66999b3b6317ceedba186c0e7080fc549023bad884b868df3f82d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75f69b42530e9afa_0

Filesize
208KB

MD5
487a195784c290a374e83d36067b98ce

SHA1
27be5e8cd159ede3a3c64198dd4763d433622892

SHA256
aae77525b585b0798439dfcd39a9b11709a25f462ac6dde7ca9256332433c41f

SHA512
8a1e984d8bb0d8698d7bf464340f24f46ade6c7e5ae91fe4897a7cb473c035b3c272ad7e1c0d4babafa2275230ddbc75ddc4a11c2df1279bfd6293286818aad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
599b32e0c7e7834606209037d43e7e70

SHA1
8344c00d8356b541b89f0eee0f1befd5d5105400

SHA256
198db8599a4c5a6ae8236d3d0d545314ac86a3e098ae3d26b479c021999900f9

SHA512
f5f83826928469b6ba062fedd2db18d73a8f85b50419a25e8025ef808c3c9b506aeb90cd2711a1f8e60bdfb0ff4a8312072d949a1610b0a3d68bb9a2e845a429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
96c21985921573ae86575d04b27b2399

SHA1
5271088841bdf5df0414275fe24fa6c54d282fbe

SHA256
7941f55149521c8696c5c30f5c4ecfc19001abeac843e17e1054692fd07b908b

SHA512
5e1ffdd8338c77ee221450f049d8a3ed836fdc24ff8831830f5f77847a5f055c308a58dada85fa786558a304bb300c388185cfee57457b2c0ca37186cdd4b183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
285a9627a853478d6cabd9321e4e10ba

SHA1
0219932537e8946c6d68cd5722f482d036a0716f

SHA256
f59aafbb5b2cbe1b197ac635e0c3247c039e611f3af78147cd59d0b8584cf4b3

SHA512
69acb2d61f1fad5284049da34c3d3936193002d5f81c73d3c55c5c76598524384107428e4107ffc755f4b29c44fae4d336dc3643e06936d8d60cb161b9081ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
2fcaa8eca9a7af930e0724e05fdfbf0f

SHA1
b43b5081ad8bb7615dc49735d406dbd43d005229

SHA256
2d881eed172eb9b782c0f404cec9641ae88bbae3731ff0acefd6d880855d4983

SHA512
fa5063506c125c368c40bb6f44227c20b8ad99c9f3f3d5be132d7cd2c41a9be56381a13ce319e77370c0cbfed3bb2c4b7d06ac3cc34f75e9aa64fd273b272ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
fd2eb2d219256e09bb02a22d5660d9b3

SHA1
d1e892a79cd59387762e3a13a2afcf75ccb21f54

SHA256
20c40f417f46834043e3f91f57c1563bd05096504b0a3a0e5532097335d28972

SHA512
6ebf0230e3dbc06f3b52415d54fcd2b5182394a92b450e4f944afe2bbdfe9daf503a33e1a8df79ed25521829267e110f77af158099c286003f816204aa43f445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
055511aae53de8483784556c06aa73c1

SHA1
81cdfec70ee41c676cedd7a1eef92ea17c3690fd

SHA256
10b9aeb5be31e792be1a28a24dc681057e7e7e927cb7b7ad4818b8364440fc7d

SHA512
5398d7c9b5e63e3047cfe2df88a77378b87dd59fd7655617eb05bc406ef12752f3312c0fd1261abd9d7005efa057341baa664ac30617b8830b7c6329a3c452a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b8884451e3b851b_0

Filesize
351B

MD5
b30204af0ea09f4af2e22e6172e3ca1c

SHA1
40f4dd769c9dcb769b884092dd11dd6113c6eb64

SHA256
bc7d32b16da979ff36d733137fc52950ea38ad2b6a9c602e4fd63f15f5ef9ecc

SHA512
b7f6521c8df2a7a69857835d3cf334dfc902cf1483150c5bc7f3ed215944706a879b0da7e598a47efc980e7e7cb14cdb39566f32d4c2805d9b0a459dfcac4fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c0db3188e4ece23_0

Filesize
72KB

MD5
a716789120d69e9c3bc6c70410b8fec2

SHA1
d70b255b53ad7b87dd093567c71eab3dbf397c30

SHA256
ab85408202ff6ba2fc1d19705a643b03fec1a4fe1554d5b3fa1949724b64bc98

SHA512
a9d8158e08bd4da4b7505873d0cd34f52507ee4c099b0af87d59517f91846912daab167e1f0f28525043afac3575a4898489b8d92a7a588cab86daf72b07bbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bc4a5b547aab0d_0

Filesize
527KB

MD5
d9dfaf8bfb6286a9a4a2f9f1a713d9ab

SHA1
ed2284176991cda42d0e3980f41454c8c892004f

SHA256
05634c28af9e629fd5760bbfee00af32017e9cc20c55020f6c5a52824858221e

SHA512
c09328b0f4ced34ce3bea74d2e939830243bf5f3d6e12fe870078d4372acbc2253f530b5c3f260aeba7380bc927bc41e3dff961eeb71f47847f2d450d7b260f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2799760ee1f35cd_0

Filesize
397KB

MD5
2f4f5c34fcca5cb5df52fe2e5c7abb26

SHA1
2b788d9dd0269f0d0371978f1d30d4e084e33d85

SHA256
d19dccd7de538f8232f74ff743d8be56cecf98dd77781a8dd5ff6ad8d020c732

SHA512
83817133980cd1c13e147683c373233776fd05269bc84502e4dfde1d59b1ef1f524a931b110166169fb289e9eb8ed0105fc61b32b44f0a7fc4ebabb2feb6998d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\acb869c95e4b40c6_0

Filesize
295KB

MD5
95996fcdb880da8f772fa9e9878c8435

SHA1
eee31d57497155b03f5550dc34e8d5ffe4d2deb1

SHA256
b1ac57c2c79216dcec98163d1d7e65574d55e4f20caa773fa4b34005818eecf4

SHA512
ec47d328cad9bbb6e7590b4e773f3ebff39ddfae3d99f3f92331b0a8e3235d51f6fc3ec47b21e3da80dfc7097e0899509f30e096920037e43be78c66cb9a508d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d0e6290c5c939444_0

Filesize
317KB

MD5
7ef8aad985a047585c1965c812aef1d3

SHA1
0341fa1a9fba685058e03c9cb20dbd58fb1ac352

SHA256
2b9623b512243679f903b24790473f71ea1019a37deab76205d93f8d09a6485c

SHA512
3dc48ba1491a04ce4d1253e245650275065625bc098562d3f60206cc42db5fc5ec0dffc826706acb0e44a5c11140e55f4e833a857b6de257dca906d4d47b7333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db8e1acfa74e7522_0

Filesize
64KB

MD5
d386c84b1b7fbf998804bcfae9edce9f

SHA1
78c41e78aa685d15d235e4a67bac0ea4e01b4278

SHA256
780bcb4331cd307896d0da0c83c8bafc1a79304ca444832f453622d26c9fe20f

SHA512
185becde3a585ec7c68440161009faf9e965dd57b33f064257e9a770517bb93e06dd19d82f76a2c21a3c6eb4a11e42fdc99ef2526d8374c22afba00b654d762e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e36b01d59ea3b868_0

Filesize
257B

MD5
b562e5aa5f9cee9e87f261f6f3f67db3

SHA1
b741c39759a62bed8925a215719e5d7ca5e2ec70

SHA256
d3ec66d7c48b366a998f9a3c1db43709599b31140f99f1087414bdae34148ced

SHA512
361a8e66b3a76f62b910a240e3b12c7e760ac5ea56ea6680fa2c69eef6e88518a64a9b0aed6a55ec0492781036f4ed816d3551666686f7abe6b9827bc018e8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e7c0ce440feae4ff_0

Filesize
283B

MD5
acdf9a5b53523cce319fa3672166c8d0

SHA1
dfe0b195450bd5d22f5765edf603b46ceef1bf58

SHA256
53f9f184ced0dbea0203c1a23624cb4dafb19c0570e952912af27d3b33c44f2d

SHA512
f57e91a6ab9df04a6b7e9d8ee9c28f8d1ba0c8bb2a4b0731c0367dc2043a58cfa4cb1266937751b07b0fb69dba9ed196f4bdf9aea47475585858b26345ccf019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f5c4dc35c6ae629d7d23cead67ee4c20

SHA1
3fad4775620b9297e95590605407c596a95b5063

SHA256
413678224461fffd80b2ccdf410924f205eebc8ce575daa5db67e284b20dfc36

SHA512
1765e8204df187d96edd1577d98e3a9ff1df64347a4a2428ca10d999033aa8963b5fc09b4c81ef0a0624d84bc217d4a75f85b375b2859a40ae52cc2bad275368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9682799e65416d43143696cba382f92e

SHA1
aff4525fb2fa9ddafa9bef47cbe991fcebf20efe

SHA256
4815d9535f2039e09322fa389b7348ce8e81c8b568a23a551418df12bbf44bf6

SHA512
41a4c5eed2f5c99225c4104e75f0dba2c7bae4d19c57ff21347b036096132bfc8baf0e4b08f1b2b760854c9fef49b52d7f6fbb2a380f00adf7524b5988c43bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
027798e27a6142e0c075bfb39ae80772

SHA1
70d26d4825dc561a3127244dc76e6cdca96f006a

SHA256
42b9e2ffa3c3617e1a2047d6c60d9cbec1af8802a238bb6934d21f4767ac31a1

SHA512
48ac6731319e61fa652ca60b4802a11ddb71bf82c5dc54fa9ca9c0adcbb207375f9af5a63d34a9b49c0abdfb98ca8a71bf44f77754b461afbd0c16e1507ab638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
fa489be49697a1fff95556ebda86531b

SHA1
d132773b214dd011a9eca05423013837aac042b2

SHA256
4d2e1e5716112848485cb92d897deb8b63da37988bf6e82ee0d8c9346f972247

SHA512
1bb4cd622124d5a72bbcf1c127e25af98eb940a88fa826c0c72624bbd0b952518c348f2b69bd5c6e4562ada18e23ccc57f31ff500a91f94e6aca310a0ce34c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
c4e661dc03edc6eb8dfdcce089fe8286

SHA1
3c1a372ee2901eea4daef0ec9fcb68c5f56b64b0

SHA256
036f6fa2078148813ab36624bc232b425e3abe797956aa0156cc5bf5f59e246b

SHA512
276651aad9173a2d81bb25416d960e171e5ac9a650ef5fa31df4a950350d03c0ab85e47ef805c150c8118ee750c7933ea02cf909f7429498d6017b350bdcd965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
090c18aacaaba284c9def07aa9caa5cb

SHA1
6be1a294aee8307ba2b6dc803b77801d8ce45bbf

SHA256
f32793f4ae8b9c90878b7d6e3dee6d9a8a523ca0812b8a56e8bee601115ddf70

SHA512
4d854c5d98526cd61148e4ca78b9e39e4f1b133ffd082b1612a7924bd975c2df5990b24351b2d840fdb3dde1c98d31226335ad551ad135056fe5b482899adafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b468ae68577f1c0efb9dd34646b74179

SHA1
a0d6d1378d9af4bc50b38870950e06b0c9cbbc92

SHA256
6a26a9fc23564d145f3ae871f0bb9d499033c2994f6e777356726a2ce24a0ca7

SHA512
06fafcb18752dd63a904ec4b844c0563f9e6a2f7e0ed57c5c58b40ca37d59463ae36731d99b7dd011bd1904573e953d434eea8a230d4f5420ce30bbeb4cc57aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
874241be13aeab86fac6e1595ff1dc3e

SHA1
6698ff8db45bc6635134caa0defd91109bc55cfd

SHA256
effbcfd214bebb66c8af4f24b1b9c6c15b360c6a17767665517fb16a7a73fea0

SHA512
302716fe6fa42e3cd2030e04d74036829fcaccb9935fbc3771d1830f4c6ab562ed4bb0790ad21c2fb7c024aa6105a3360d2a7f18e910e8bbf5e6b5bb208b5737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
7b1021884543c97679421d25efaa9a1a

SHA1
7f1588921e882fa23c36095487e9c92ecd744211

SHA256
fe9599fdbaf003022a619e5d55a424133321ec316d234a4645927d0c8969e90e

SHA512
f1ebf7b1f26c839c3127af5ccc2436c580f071c3901d140f3b692f3ccf277d73c0c9dd33af1af531869ba9876e54d459b922baca77a8ae4605922b125e02ab43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fe518570a23705fb0e26d07c26f1d0a1

SHA1
145c62dbd2bcac878364b06872ff964a6fe9e51b

SHA256
b3a4e932e9c497308c5901d8f5d47924613dd8747c84fa4c36a76ce559e1a7d1

SHA512
8f562298fd26129eb73fbfa6e2b494cad98ba9ae86228e1cb47fa4bd3da54b65f61c771843e4d0fd591abffa5264cce340e9ca1bfad079d6b7f9819b3cb6f621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d20c4a0755dcb82a830a9aff7cf2bbd8

SHA1
07260e046943123d637c5263d0c99706dfef23e2

SHA256
826d11a17659a861d653e0884348dbf92a1684958a8c6295faa07423b52e9c2a

SHA512
725d44d3bf83e62c4f20f55835d7a8e699865c0834e5d3d2aa76e9d141315da7ded6b669bceaa7414f078b9f2e9142ec339b3165c74f2756523e0d7859801137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
17e0dcea4fa48ba8d7e48278d0d6c5c9

SHA1
e89f7acdc6f640a74f461924b85722a551a6904d

SHA256
731b66109e14eb4e90af39fed9da8c115405a803d13fe39e6306adbbd926b689

SHA512
bd0820187372fe32c81dc51d80bcee577c27e57e69e9a7b6d48757a24632640fed96dc001e0f6862d7b2387c683f78a266fe6d7ca6b117786469f40f6d039e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
057fc916ecc823392ff64edabccc164e

SHA1
d6e622eb5ae0995df434425dd120e4948ad0b697

SHA256
f645d055b4b469badb7e95abb608ca879955cd44729164648695b2b0f8b902cd

SHA512
e49d6ede752edadd29d6338f262ac6acccdca6227724607dc5694f6fcaca3720f04be327b283e81d244655daa4029c2c3c8f1f0e59b7223a6f3558c976190417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
af4043873b45d3af3a904aff86bf0158

SHA1
4e9881fbc7b7e37f451f6fd814248382abe2dc4e

SHA256
3b315729b5ad695d1951928c1bfc4e8ad9c64bed58e6db8c0e69680e54d3d7da

SHA512
d018da7974f4c0524ca95109e9067b1eb19ef5ede419d241ddf81e5d8bfa14c69053b71ac660442c38bcc05e7688005c5de4646657007dbab329bcf6f88e06b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
548aa7b1123b5a54a6878e910f9d3a7d

SHA1
eda8008eae0438ce3bbdaf4e1067ccd7f2fe932f

SHA256
a3e1f6cc8ebd6433724fb4c7231431146ff3d2ea1c6ead2adc80a530a9566a49

SHA512
857bc66b8b60c99b27711789f9cec79b3037b3f381d4c68bee72601f3d24905530a8edcbcbf660dcbe103556f3af155dba20c74d42fbf373e3c343f537ee5672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
1d034a8b7acce6cd594c811d461a2152

SHA1
12111e36b5e186473597ca2bb77758561ce7f1dc

SHA256
9a8ebb053ba1e91795859d711562515a8b469c3914e18b9a25577c5795d4208f

SHA512
600b825c81ebdf3b387c62d9303b8c3ca76103777f80bae01a69ed5d5db6686422da190361c163241d52a9108e812432ab226106734b1bfa8d336b5c32de5f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
df5dbf63ed41618bf30ce275e6807c9c

SHA1
b9fc96de811dc4ff2e2ca7e4a6fe2627ec8bbf26

SHA256
a48e54ce2de4e86e31303a7e78d41f8e22493a594e053bf2a3341c456bec79ca

SHA512
7bb5a3e0793731e095480aa1df250f949ce72edb35c47b56e91a7144b20f71f300d695b29986cb40a1d450e2ac70e3d0848242cbbb5192b065470e54e8d2151e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fb87ef2845631185a85fe18bfcdc039a

SHA1
d83db64c0b062e09b7500e8e4f907d0dbc162fa6

SHA256
e9ca9930d4b0a04003d33dda701fd89bc129771604098b98b36ea757187b02be

SHA512
96819bdec1308e332fc0ae1b8f7be711d5d5b023f23e9d6b1eff030a71f2833d58ae63000cebfe8fdd0e91aadd01199d8267f26ad11da0c4561e70671fa2d644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc3d6df01dee44199786add06930f0dc

SHA1
08920740b2291199ba62219ebd13f565cf45c921

SHA256
ae36019a776a99c00ab57ac220341d99557a2610477401f0e5b85a141608308c

SHA512
101e06606d48fdc7af845ad077594e4c29a783456351425d60109373686a0de71f438ee9551708e92bbc558567b340f63068daa4891b36dfcfde37d34a5ef489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
24e7b45dd3339968c0bfa18f5184a3a3

SHA1
36c9c734d93d4bce81e28acb25ca3a6a153ac450

SHA256
525eeba8c8638aa749fa0c1ac07cb52d4ba6a1b8e880c5b807ebebc467018a21

SHA512
25d7b3afe4d434caa834ced9534c26083fcab2fa1f0bb09dcbb591b06efb35eb6502cec375dd3b5746fea62e344c4a44a78deb4382162c9a0e0ec47888f466c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e266c47b786c73544ea7127c6c76b9fb

SHA1
d436a2b110e8499c9e06512cbe73c548bf14cb4d

SHA256
8ea314a6d8d609a5686b6f5f2cc279c3f9b362816f64251e73cad7eb1627e7b9

SHA512
89631b8a8ca87e3551b58de1d19eded730089852bd638a96b177c4b819bde01228fb2adcdb95b96562226fd2462341249b00f4e857e7e4508e132ff6d5166a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3d4f0d2b780424032a81f18756746eb2

SHA1
a36058ee84c11d6de1295b03aee34098f053d5b4

SHA256
64142f8e677f2d1176adecfbf0ca42174fd8fd17074b6cbf0dc6390e7638cfc7

SHA512
6a56e99d438d7641518969448704253ddeb6c27c97f472eabce4193b0bb0c10e90a68b66a54351cb229d73ce7ea0a5894f2870f3e1731302d3cc953cdc91b7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7e8930a2bcbc6913b6301384437b9410

SHA1
98ff51eb0f67fb6a8fc5ee8fd9105a4c8304cc3d

SHA256
ff5a22bc70035aa27c6afe35b0bc2dd86d62e2a5c6f40ecc1c22d1e8caadaab7

SHA512
96eb70b5a8bf95e14ce419ccdf19635864fca6f9079b1fef7596c3eea15ece61edef4bc67df59dd27ea5e6e76ac5b846dceb2381e411b2b32f7f7a202a71a255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1071e820fc8ab817c4fa83ff6d723fa3

SHA1
73c284d8f1a4fcf9de2699c9eabd10031a685ef7

SHA256
39ba324a1f9e4b57fec30f48679af3c87edab58907e0290f10357cf6071bb654

SHA512
bc326419aaaf7ade2f8f1fe0a6a9140a54708cfe3d7742301f6450ee0eb711204dcbb8afb5d120ad02e57933029b4eb5063e3fb5b9669da897de40544e53cfc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1005B

MD5
7b3eaced81cb44f554fee3e66e60b5d6

SHA1
8e2f49c500b8655b66100ed036470d495030b89b

SHA256
30f0c720339a4fc0d1485060eef9d3f1ea4c41dad603991a108d0949a172a672

SHA512
b15a19446476ac2a2ff3b8f9f2822ddb8262c9409c5ffca633b94baf8e6c261b38af62872412e06b44cc7eb3e6a89f32d09d669df69fff98569e46ebca21f4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
15558f25006ff69b9457ffcc9b732dd2

SHA1
1b26edfc873085afac00e8068d244000a8fde511

SHA256
de7c7f0f3f4ace0aba26debdc56a1fc7976eec452a68b3f31091c72c2ce411b0

SHA512
2123295fd94bd541d5d06b99e76e26e8cffd479b1a1dd919340af63d849a4683c384fc9ff161cb6656533125d1dd637841370d28b645d0df69d75a9f94786c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6299603d167611f85683d7171bf8d8ba

SHA1
a03ee09afebe2a19027a8c1030192775b9221edc

SHA256
ce2eaf0a7fd39a94f4e03be9fa1677741a38bac41b40705feb875be4e459ad27

SHA512
58cec3453fae189ed898aa67cd1120893e40419f43c66c7d304b7539d8a2f1b2bb60d16ba98a40f2fde8d2e1f628eea69c9d66700eb13e09e1aca286c7516632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be7b089afc27c89b1cc4480530482eeb

SHA1
e6fc03bb334633cbf5794860a14a2991b74a3bb6

SHA256
fead96ab444f0adee8987bb1ec6a2335dd13c5ab285432e88293352c0ca567e5

SHA512
ad60a76abfbec3f17eced598a5e9f71990dc61173ea2a3a6c159b5b6a0391c109843570351a05aee3525bc4ad41b918b182d9214cc88c3eae550cc806581e052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7ebd0d9b1ac7300f364dcc4fe09796b9

SHA1
9808e714b7746a64fb428fef25f78a0a3e9882a0

SHA256
ebebba4377772591e19383c09c8430b0e2201b6f632945e7b481e65b86adb711

SHA512
48259074325d85a76143ccf2e19fda471a47ed3d3cbf9d082a8a7413fac7a8576fac8523034da1a9c3cbc8b05cf71d8987c816ed982de126db0498e9947bc916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2d04ebed86fc9ea020d3fed8f63e875b

SHA1
4cbd439400e1929e5d3fa579c383b0f3b4e6b20a

SHA256
20a8fa31d03598eefad0d95c2cc2cb5ea5d480cd909c77be2669a18489c571d6

SHA512
d96f8eb7d14e7ecccb1fc07eeb2d0a480d5401aa2011384d02a99058ffcef85f77efb94f6e520696f0ec60c3081e21423b4a8702ca24eb20dcde6e494e6804bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c545602c0dc4a5600472aaf450ee2857

SHA1
c273bc9170643fe872c927cdb0fe7760e12ff0e8

SHA256
ce0068790abcbc383f6c79cbd396246218775dd5de423ae96ecabc20a04e7263

SHA512
203f20f7c8628d29455cc6502ff3eb96d16635b4d01d66c3d54028445c914100c5fe1641ac50daf532d5f88df99920f64a84d676fcacb0eee596847adef59483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a71a8240a25c5d6aae74e5d4bb7301ce

SHA1
af03a72be5caaa32e19e4f4073debe32a44b1526

SHA256
245289bc8cfdb882e89bafff0b89f37db02d7a6e37cceb71da9785cc2cff815f

SHA512
89f7fa841cf7d37d5e908a824c6435d6c30310b3e066f61319ee22aed6dec3ef8f2a0053ec6420d0a29aceffe0e3a089e70e5977fc1e5aa3ddff4e365a07328d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
268ed305465479a18539eb3f40eb3493

SHA1
e5af82e8c69cd9ffbf4bec0af7eaade1aaff539a

SHA256
b8163c33a2332fa4155282ffe7765a04ccb0d1e96dcd1504da774fd66350b80e

SHA512
715896fd36dd0c1bc6619a4dd863d9342c09b6bb6b89b5c1f42923b3cb2afd98fc1b374d1bb39a8315a33b79edc2a828f1fe1d7006290cbfd932c3c31b522b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
79e0afa69f829aa7edbda46a2ba2fd8e

SHA1
191303df48ef77c07ee161808d57c3a14756d70e

SHA256
596980400d15e80a38f53453f05699edc81098b7f4c46cd2497cfcb91e3c9f36

SHA512
2847630e33bd9b12cb68668e830a508880a1098cc7c635e1ded383a8e979d346906a0459d77cad4da9a8ef024a552d1e94db95e27907cb2d85407c8ed2eb9bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b3a8df6bfef115d59422e7d3035a9100

SHA1
6248055ea9cfe053ab34cf4e6acad9664c0ac676

SHA256
e12c6fb269af6e38f3bf1ba178ac7e2781dcdd353daeb2e824ee71627092056b

SHA512
45ad0e3f2b423df2be4b5c10b58fb91434fee96d8c7a89f052ea37488a9763e5ced6a6c8f773daa6ea3aae401d3196950144cbf706a171e0e9d2910ef4d8a1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a514f15eedc8fb33d2e7e4b0df3d3b25

SHA1
86e302c672438007d1d31794918472bfd24c79ff

SHA256
5f9c7cab17f7b46b0a10cddabd39680a3cda77044363ead3779ad77e441bb281

SHA512
f4b38d8c379e31ad011d471b172eb34f1eb8b0fdcd1e82c6a24fcb7217a4902880ccd5d9c1e276126177fba4fb9b00cad219b540223fe94290a14ffc38094354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c3db0aa18897f83eb0c01270bb014639

SHA1
45c33fb1489d60ec5ec5c25fe33f16657e104de5

SHA256
7f005936aee33b8fa543ca4c8c0faff7f232bbcf017528efafcc6b93801f788c

SHA512
9ca5c09e0574ff5886379255da8918c39d0aae5fba2c22490edb91578248764c0d719506fbda7eba6d1d917d8bc82960fa7dfd7f9252ad77fb5e1cbe5016ca7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1f2a3491db939b262715fbaa8d1b3ec

SHA1
ac8657be8521e5311f7b38e8e514793d98fa02de

SHA256
01f0c8eed9ea24d9a7a54e7e566fdd5d10abdf2b98d01c935cbdbc76ce71733c

SHA512
83e7aa48ac7576ab02bc0da9c12c917877a8778397bc2c4ddd52ae2b2defe6bb64abfde894f7e67f4ff9ef459110a40e8e8056c0919f7e21a7b8bbc8abce2d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d991472d680678d606aa5a34efe85393

SHA1
b00d8c5b17a66eb1afebe98b7a2b9988e20cf65a

SHA256
276186125ae0f88a73744440d52194f025f49d8482c8b5c53e5994c13a580f9a

SHA512
b7393affaad7c3c8e1da723ba8cab0a96e6afd8ca05a0d04825c92c0731c5807c1a5e0cded11c292c1e91fd3f996617f0f6c17569af23c36da247424e82f9778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11f1b696852c2c0cb9f409e1b9454927

SHA1
685cb7d7835e8b3a6cf64f27db7769e70e2876a5

SHA256
43b897076814cd29cb4571912aa24f15d9e11633ffd2d506841ebd1a25e81b83

SHA512
cb9f483d84b9192ad0439c7cd1084095d286a842257a50977f91b91c6bc49c82a9eef53441259761f7667eb0f218178e22e542662d6f2608e21c9ca823d812bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b3104591941d8059eb5f7e424736e6f

SHA1
06431fd296fe29e340a70fcc99509040f5715105

SHA256
6be139a21fc6dada61c5820995a8f96f3e9fc40980fb400c1bbabe0b869430ad

SHA512
dbf09b5a273bbb238a40da2f9e0b2a45a3f982f867c2b3d98be89e2a5190ceb12a2c99103079c448dc09bb164ebeaee42405a25fa99d722bd653e519aa2aaa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5c0d993fe926d214a456f52c484ef367

SHA1
5121ebb7ae7047f9e1bfe90739819c8b5a07d823

SHA256
e81753e37949754bcef098b7f951b16c23cce42388acc1309ac353790d3c2a25

SHA512
3ae12f0028322017c49120f40202f1c1ab7e08eb58d7880c5e79f70f77369ceca654f17e7aadd38fbaae771b875a2b4ee7149582404f00e927f87a3347949132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7ab52134584dfcbc613101ddfdbc8cc8

SHA1
3785fde3dc91a1c086002cee7ba4b0d6be445d07

SHA256
667cbefcad900348ab4c04d139dc9878e6602f5482a99c42f26457c5b000a67d

SHA512
5c50102e8355151bda888083c60662248b62d2f5ccddb83b4162db621139e97e42e75abc0b7d8c11de93ffe2385ec46dc4722fc917ea5c41599c656d46853d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
58fab1da3da0c3f039df7212b6cef1b9

SHA1
e050491dbe80df3060038bc2719717797968050a

SHA256
aa8760c8148d32b8da324ab9d93bedf80209cafb477eb202905fd0491d0773a2

SHA512
b4607b7e009a61bc7d6eca53d17e6194a9910595c22fde347877e9c652ebf71c045fa0b38000dd651d1f032dcde0987df3568abbde9d80a3d33f02e711e4412f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b7cd615631637a522171fce5a79255d9

SHA1
431f7feec168f1e22831de23f2bacf56b67f5826

SHA256
bd612cbba0678af08a0fe7d8d68ebad8163e5c1689074cb8f6aeb7b2b6d34e14

SHA512
acbcc665e0257d473fbfa9e52c4138d5961037f96c8af1739dbe19a31be726306626a68e44fc90964e13eae2d1b7ac10dea285ced85569520bc038c9b67d1b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
af83b739b25bde94edad542eba33d01d

SHA1
fcb602b132a6044a2b6a465a7773b2a892fa7e5a

SHA256
78d496f38c17a60bc8111549dcd9c3d26febaed34662b363b2b1fba6a1451221

SHA512
2d5ae51572322a2a4e7b475872f50759402e52fb6b7cb402ac88551eb0bad3716938e3960fdb804c2b8828d748bd0c19b957971952f0dcb81426c2f79f7b7233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e43df18e6236bd530a42fd88f923169b

SHA1
3e7431184be93a5d983f62c4efb9611aa81564a9

SHA256
6cb7fffbe7f6fee069779a275ecf3434f9240e9615c2814d63869fa246a45915

SHA512
4eb18042e7ae23bb1548e99fa97038ccc5f581f62b3bfc23aa5e68be1647a961f4453ba5f554f56c951ddb85c1a1a01406c4f9a21700c0a61e519f6f10d85cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3ac42d88858622240a25daccc39eef8d

SHA1
adcd1912e9b53123d289fdf4061af5ed18e4ae87

SHA256
c5d885c5f44bc9f9e2c4fcca9fd1ac621e87535c8ffdda8dee7d57c98ade7954

SHA512
f082a710a52791f2eeff0400eaba489e8f16dff3b5c2b69d9e3ae79ba8d637c9937dd7982ea819280cc4110a2e8b67c979e3acb8a9d2885c6c5f55039adcd002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e1e872dce6254159249d1dc3b89ff74d

SHA1
742d4fc8a8cbf0e4440bd2c502b3c48e2a827b4e

SHA256
21d6358bfd8c98cfd5ff60edf38c3c83487423800eb922efae7dbe664a656497

SHA512
8cad2b04f0379f7afeb0ff3053ccf66a2c1db078b97cff4174da691cd14c5fa8098a4b8111c23912f57423e75b0f2dcfe1fcf442f9a6948c1d24deb65531427c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1bcb7b47383f50d7a6867db820bc3d76

SHA1
f1da6bf52eb850462de777079c3a0dca5706751b

SHA256
72bc8247a70fc9e27f0863a2bf3ab8c85fbd314a12e65026ecc4bbf681de774c

SHA512
509b558ce7cec6a79e26e72e43c81709856ac76fb618f0ca42c0d8916a3e4c6788904f10d3adc18be5a2573a69aec7bd78f239bb561945edddbdbd6acaa52f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed9bc49f957da12f14cea601d6f3adeb

SHA1
9c9d67200ab0d48473389dee3c2f88cc30ea23b0

SHA256
dc6e40cb1c8f7016b18c9328644d1784e2310e1d2336e79500d8e1c53a95193f

SHA512
7d6406a6877f402d325a41ca6859dd2528658e82b9014adcc6577b0c8ab2f3249fecec84325c54f87389742ea292ae4fea6d2105be9f1c2e2b71dbd6c590ea88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e827f655984530ec15a2cf745bcddf8a

SHA1
91bc789a7da8d278fa183f0f3f4c017b9eafa95d

SHA256
521dbcd0becf2fd4bf1e43bdbecd9ea5ad9243e63998d84687ec0db8ddeafe68

SHA512
4de6a17612b26e4291c5be0a4ac9529fde0953faf71c1d778f3053b140fb42a92d1b4b719bc6bd28882cbdccac68ed3148c3a2b5f5ba833ef0961fcdd40a970f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7f24467133c5b4067a7706e6d5099469

SHA1
152e8038c15623d387112dfe599d55917c52c7a8

SHA256
712f05235a64bb20c86de9394e7f3d7e081993c4e3515fd9c8c963173b316a0d

SHA512
ee8632b33f146fb23a062d8a087436edeb1d641e3844d0a15ea6d15203ba9b4aac7253690573a3ca54556e9fe9960c19a287619b244bb01caf2b8ca48f31d215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
59c917ac9d3b9ec190e813b98a292cef

SHA1
135779afc7bb1ec0dcf5343013d325acb41f087a

SHA256
5a2402969b058c13aeb5dd9138309b6f872a15bdb1e0cae9603fa583760f46d6

SHA512
0bcd90bd663da38918ac1ec22d07a7acb39576c7da0739669dec6ce6d3ba206d8b6597848216ce05867fdb952dc63ab5c3f96c213dd1feff9e191dd5b961d87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
db3fbee60053b3e34d25e946e08818ee

SHA1
692a03285daf1bf20943dcdf24d664c6105431ee

SHA256
a768d674b3f6708d32ebc263ff6f6e89a0f3c97720215d25569bd61ee31b6e32

SHA512
090df25eefe2a22beac23a9316987476c676a1849bb25a7449df4826aeda87b259197144c59c8cbf514bd7954c077fb14c652c5ecec7d170d6a1fb6306ca28ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f6de1a91ea659a8f1f279cf570b1e0fc

SHA1
abba5b20a18ad190f50a56250869be8ccde6032d

SHA256
0aa2ea94a507d1f03c5ffa03c3eeb6bfec98680fe86c4bbe2dba0ba882696714

SHA512
faafa3cd6052c8766d4f89a7e4515334a8f2dff83665047f3511aca481a4b074897aaac0cba0ab71c674f5ca62b08b35870a8547f6685fbdba601c7a73b4c92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9d5ed32f83e56806937cc56c262b95e0

SHA1
6258e7c9d8afed4639b6306f9c34e8a25717d03a

SHA256
6ff057c9556b91b03c8baaf9886441d093eabaf4896dc8772a697f86ce7707af

SHA512
6d42d82dafc3ec13afeaf73c04a3e9f59858b41c784f88d564ee389caa179d1515f4d3b2ab7c2537d298eab0443324a716095346c09d34f5e9f6d8e904859ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
67ca4799e9de92ef7e25af270460e87c

SHA1
fa28db23652e2f6b1999d7676c4b3d91e57510e7

SHA256
61e554d845b94d0be2394d4aeeb68fba2302197004bbb041041a93bcb7b014b8

SHA512
492dae67518dc457f505651acc242e75b2322adc0a81dfac0aad0228e144eb777998afce7ba9109180c797051d6999de468c4265a87a8b85e9594c924c1e6ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
94986b9b331ec4e6d63e302fc036ce05

SHA1
8a5d6326766fed183a637b8f51b5ba140ec3b30e

SHA256
7a806cd7756063e8ccaf0c1e4d2450a535026cd3141e284993709d24a526a835

SHA512
2e5d5128b13112a13ec8378630957ed40fdffba5c44f8bce310d22ae21fde2ea6d639bd6e0a3a49c8b38908f3a8e156ee9b493760095c535efbc1d9d08d83508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
882f1cfcce7d479022d3f74200c62678

SHA1
ef37c011aeca76ae4a088ef7d9307f0150fd4004

SHA256
f92c8ae95a6728cd2880349ca561216c4d615ed8f86d67a6eeb4f02c88d5d182

SHA512
8f5a625eb818df76667c3e62bc01b246a9759953b0c7db6a0bef977b09eba85ad321a78deb029c0dbe3c9f422f0945246acd975d51657ea840e9ae9a947a7db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
127e02c5b9c86dc2fa9f35eef29d1a0a

SHA1
88116d86d5cda55f347b72ba05db065514643c1a

SHA256
09eeafa02af80a051c9140ac1e0f5187fa1a1d0ea706180c4a82fc8d198ea12b

SHA512
50e6b21c0e053ddec6e3b50991457c3974701a3a6dd5013f5cb7e21183a61a9cf0d49e63c0a04e84181ac2ffebbebfdafc3844936e0beaa9fd085d454a7b2d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
348aef9f41a6b2ffc07563ae796b6212

SHA1
06b5a4cd3c7f3874388e928d6b8cc38fdd5ee832

SHA256
7eaecfa60384fe9090080b555daef2c28ed38c72fac269ea40a6ad4b4cdaa0ea

SHA512
fa92895a67b27e4aff4f5af4d906b0ac5911a802996e9b3b13e72bcceb5633261e1b38a8ee2a59ad1cbda401872a16076a8b4617248e74d0cdbf614da8b62c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f2376b13047073cfe05c54bf6929be08

SHA1
31cfbde8ee3498a56fad3053d7898781cdd40b68

SHA256
bae329784b1d930252781e44afd38eac388fdc2bdcd6d6e9bb73b597fec2133d

SHA512
afa6ddd6c2d52cc77736d332b0ca7b1175581bc2cfac459709e758d666387bda61ee8d6f1f785cd5f618e9eeb3faa33ed35ea50432aa6f06f9493a32bea9629f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
449334b4e835816aa7a3df11321d11dc

SHA1
0dc4db0bd4e563b9ecea1a78be62b96b52be35fe

SHA256
797b656604493453ee8c31d2dadcb052ca05ab56c985b550a2f425f8d82534b6

SHA512
8cef761962870ba8231c61400b8aabb824c9cedeb3871d5f5454facfdb0fa7011cb128b889d36a347e974c712eb912fdfb4fe85fa18c63a9ca336d8695424a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
194519ff1686eb20a6aaa86df47b4dd1

SHA1
40c33826871fc87d6477415999ed055a986fba45

SHA256
2d243bd8bbd226815824e15aa4563b222266dac93643735838ea630dc81da9db

SHA512
c6d3bcbfe78b57aa63c09a454f8a36042935b0f2f795e68d37703a6c1d88cbb5176d4809c4d26d32922e815ed8e6b81e5867bd3be4061fcd6b8496503d109bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d1baad9b4cd2f880b903465386b7a8ba

SHA1
78096061f3d7b9097b4006fc977e671020786cdf

SHA256
90ad16e58d905a52a2e9e3101aab07fe2704fdac094d24c68499bd409b4f2070

SHA512
1d3ee54815d6092c24d0ae3f06f206f6226ce80fdfedc78fa368dbd9b9627e222ccc80443355ff64f06f35022af03efdb4dd2da2909791662e526a937c188dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
af005185531332f555458bcb6c650fcb

SHA1
c8557ab315416707a8028869c2b7f3750f4f4262

SHA256
7befbf464fda455a493d11b3e1c1829f8a7873b486547d6c07e163785ffb4d23

SHA512
fe2dba61183f68be43468054176ce85e8c286fb4cda66d883c59cfa212ae28fbb7717ef0cdb3d787965d39514ceea81e69fbe67ecc38c000fb92cbb47730d860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
336f2f02db13539d6840134579aae542

SHA1
c25946f2c79a9e5046af1b30d623aed05560db9a

SHA256
07fdeeed545749d3fff027d796cbfd64e3cbb8f33dc4188efd34b6dcd0469c2a

SHA512
3521598d87cf907f7e7ac9771a19d6c0a212c2392b6d1619376b6f3bb4b84e196ceca6d0525eabe04413e10b7afbef90d6b9d2b486d065b2d4ab9597a0302d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3e5850afc8a9dea6b122cb10af5c73d9

SHA1
9a5c8b7159ce61c0eee3c76a4c92cec89c580566

SHA256
b009bee2dcc21d4d31849db160cf1141bf75ba335c51eaec17ef212f0800cf1e

SHA512
ae60e3df00758e4785025793ae46205381ccdad58486129d7d2a78006538e29a87f07b644e8eb9bbcfe494ebfca45737a8126c4ee61dc35bed109e07ea3d6eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
269ce35ee15b2b23150603170dab77ca

SHA1
0c4806c88b1f2bc555ba217d1cf870122d8f62a2

SHA256
147a73fdf15650c0b749641e21e07088fb52d0b41ca3411e1b07bf778a169158

SHA512
65f5ec75619b1146d79474b7b4d5153639b73b12e42d3ddf07fa3e0ed1cdde072053732f2e654de707dd931c7203de0dc359d595a80f62842296a726d64f9883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3ba24a1a8cea816edaf159de6fdab5fc

SHA1
113520b28f2ec78aacc92df9e0c04b5957c59318

SHA256
677bd99e9f8bb8c62f5fea2d67a2ae0f78f1b0bb8306ae2e811b5abff913bb88

SHA512
7f2234d75225ab70bf286bced91813670d48e02ba2d4350d9ccdac9255f2dc835ad350edc1c031c60d2c5d916dddf31e8d54041815dab481e37a646dab92c723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
74d7c5d5ba9e555171ecdafb6764d99c

SHA1
3b79e61a7d3805f4861e9b6f620b3791e0ea7405

SHA256
8ff0cebfc5aa58bfb7d6958371a06f5f0a73e41c7b3db9722f2650cba5822676

SHA512
a5a41ad77108c6b7f8c3b5892a15d9fa4d68938ca1e7cc375afcf1a0b853f574b061e43a75126036f014cfd0c0da2b149c12f7ea88acab6d9b1dce6f37ffc966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bf5c6373e29a5cbb45035bca03a8046

SHA1
8d5d29dc23bf25116dd8055c6c6d5edb3950715a

SHA256
f51e881465df1b7e80d2c05f1e989765a19ca28185c82a9572d987831cd3f61a

SHA512
fafe5a6e2c35f699ff3561a4b634419f4c8b474ad936bb9d628cc88243f8af5bb7bf2703da33909e535697e817408e4b0ecea369b459cc2992091ebb4c1bf549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d999296f9f94c183fafedeb712d99d48

SHA1
f61fa35bc9275ba30cf36c12955bfe7cb0ca5612

SHA256
225ebfdaf000bf3c23f8256eaf6672ac65a1cae715f16dc2917b3164006173cc

SHA512
9afc7094a2c507601e6888c64ff303f0c0967505f6333cab34539aaaf278661d89497fa1dbd1985d2b87241397401dc53bb496b7c0d1402b4e2f56ba36c4612c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5a5cbb35bc889009c486ff814d3448af

SHA1
668b8e98be38f29b068439cc0dd632d6fca72e40

SHA256
5e82733792a7a84327e236ddf45bebc7cee39fe513e424dc3bda49a49fad1432

SHA512
50d4ae0f4b41862f9e3ac6a7ab05fee643840c26e31c577b5d88e2a117ff53a3e5a25c7b63c977db84cb85eac593ead99e33cae34226e498a7a06fcc1d6b8613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
608aeef20bc09016e7b94162d59f4ab7

SHA1
5cf4d726bde5dc9b756f25c8689b112899862c9c

SHA256
2f7ce1ceca52f4ffacb0f731909414cba7db686eddb10504aa9338bff06e08e4

SHA512
6930e5e1b07564d0abe20bb3c8bc7f7853f4f8ac11b20fb2cde0aecd63cdb93d661dd2842945856300f6e75d05c7578cee156ede5ce182a5edb53c5592ccb5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
76d452e32d2e8c8068e4c05d8da8e10e

SHA1
32aac3df48dd6600b5438138e9e6a4d19b055fb8

SHA256
cee7c0cc0a14190170038a2b875c03f8327e14a9f62672779aeebd75c2e60061

SHA512
e8ff2d58336d9f250def08f002f0203ff44d2df16b89d78d1dbd4aee4db23c93574ff8c0a951b7b0d16290c44a20fd7ab11c91e29217c5dec7511db3e5ba6669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
68e3277790789c949a3cf4ed93a1572f

SHA1
46a48160b22de5d5d6ad35989164e8790a7fe51f

SHA256
0397a963f7f3b724f57c203fe25ef6900f468eabc2af6fbf5b4a87893440c310

SHA512
446b50ae05c1cb4e88f42007dc373fc5337c224bc662133aa6461f1db44a67e3442cb42e06a2546568b9b235276064af16f5f14a032e657efc0bb174d9467a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8e1aae0e5588412461e38a74fbeb9be0

SHA1
ff1d0487c5f908ec77486a0a4096514b06d82161

SHA256
2d9eb564ef7bf1ec2740a31c61ac0f3fb77334d79b208cc6c8e784d064ec7e66

SHA512
e8cdf25eaa5c347b4dd4ae196c30f265cf464363697a3cd9ee04373e9fb79527bdf632f5a80c09c476b7091ff3975918bfc45e5252ef0c40ca85717f8e796ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3855bf59abdf94b5f7f39533eb2ad092

SHA1
a54c827b0945470d62af857665408338ff7eaa31

SHA256
24f3e5f501f2719c1fda69baddec91b44368451d7e87e7ddec94815fa9858a48

SHA512
392f497a147a64562eda62011242b47b7dbc5c8e0c656bc93ec54f8b51b1f2ae9015172d2542e709e41391642b27d408273295d10358bb144ddc95ff1ef35550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
657d3e6a4a50ac61fd8952e266c7eb08

SHA1
c5ca86c1bb8379a1193a04f2bfb4b535c211ccd8

SHA256
1919d25216e62fbb422c63f07fac6b38f6e0ff560b5e6fcd8a16b8299c42e23b

SHA512
721d869cda8fbc0fc8b211c83d5e6103b5469ff91b36d19d51fe75022edfb8fb1e6f4ba37a6325a3b4027220788df71eba6ab1eae3fbd9b882385e7fa21bb779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e773552606e04071a010aef193f2a8ab

SHA1
25120b01aa54ca5f267b12bf6fad91d199590d8e

SHA256
4cf68504c3d80a108c429ebec3c83b5757cfa3a5eb92d9c34454f60acb5e5c0d

SHA512
461f471e51b1d794c5b32af57eb45d5422bbc1ced5ea32a8c1182b27112226f7d221e20b5166aa4873b63aeda19b0a447530394bf016643169a6879c86498384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2f8a3a1075f90c0bc070fe9fef831657

SHA1
94d0d767e44479e92036632bf75dcbde4e7f0dc8

SHA256
33ca0b22048e5fd811f2d27868d1ca5cfd5fcaca8bab1a9dab81e356bab1d525

SHA512
3b82b8bd9ddcbe74c208c2869b93f0f21b5acff90fae38e09114802266c1f57e5a21dee6a187dbc79fa16dcce58997bd304b9b138b89dd524df1c4f1b66ae593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5b051256e01f6f81095714d18b2355f8

SHA1
b737cd0f28c25c7558e0bd88a430267361635d65

SHA256
7089cfc54df30853c6bf89dc29ff0129e14c913b98982a7cfdc68aab48aa19e7

SHA512
5d0b00bc1328192e95f7fb7d6ac48c876d25a6e65712499ea5111e6cc0f84f6a0c236610c224b097edd3dee1e2aaf8d7728f5369a29a6ba77e9f76d67798ec1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8abb2f0e6c278dcad445fef3c36eb8e1

SHA1
dd0cc57aef103fddbe1e60cbed69d9f760391e87

SHA256
ad4524177a43bdeb5407fff165a07f6156170254472707c8b89a3f46a01ed83e

SHA512
fd98bae5b1c0ff83b8e89235caa24522f22da96b21b1e53b06fc2078a6a53bb34ddcf856675d946a3f44039829cbe9c97c43a2c233859826fa0e80b0893aab58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
17f417afb7bfa7d8c7886cccd4bde419

SHA1
7a057d9c3f9daf7921118bc15bf51bab5e6f3f42

SHA256
68ef24bc963b33a9f4487defaf60762406b178f48cd36970e40c47ead5e1cf6e

SHA512
4bc59ae177d6ed2e8818ee54f3c6f083f9a26060f9a96dee8ff1b218011f10bfd97013793fd6fab371ccda84416dfffc6c0103d8bf7ea26e68bb50297002c37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
34fb78c1e9579b33e354262884fd3418

SHA1
c388a8090eeb5484589a3e2a52ac5a8414918aba

SHA256
9fb7474833d5383a0ba09d9a4fbf8236761fed45488cb65c379c2563aa72cfbe

SHA512
69ad0298bbbcac748d705030a09f7e213e90df88d4975ea92b307a9a671e529b0ce2b9a0634c155a98d98f346467efc74673e1657c1c07d3ced99b4cb469f373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
113c4a9863435936b6a1931656b24e3c

SHA1
08f336865e5918f21dbcd4a2f089f9723a58909a

SHA256
00ecd75636270dd0b224c1fb170fb4b3321cb0d7dc12ecdf84a501d4fbe2e9a0

SHA512
1120772ca724c0d435ff999dd9117fc22aad2dc39d5c421fdc91582f732b0c96c7867496fe74d802aead6737187f0630956d28bf8feeb220360a741ad3199bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
706d83cfae74ce4960772cdaf4cfd1a3

SHA1
ee057e6c02c30a6adfbb58f40747770bb89e2c08

SHA256
2071b5cb678f2aa0c70ec068ee5bb3ba64a7190b4dfad57c1b0d426f696ea2fd

SHA512
a3e95e4a55aa487af7d4464f9aa0764f7d9dda2754f1c5b6d19e8cdc992ca003677c3d4a4b3c0109ff1acca9368f6f7612af9e6e5707f0cbe2ca556430a72c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4ac267a32b8c96563a57c358e756652f

SHA1
2d37575ac8b34e203b4da150114a7c9318dc8b52

SHA256
5bb7b571fe3b1e96a1b7a46d9e8353916beec393bf57648b00c55a0b202bf0d2

SHA512
9abc227c3326242aa48b0c5c2ffe327a3a227c9a481791978445a3bef6e7ed4427695a9dbc156af2cd204da157457bf69fd4d816dc597fe762409bc40471ad73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
49f325ab9bf9a1f04fc9273a3db0ff1f

SHA1
9b569934eedfd1a073b968d7c7155cf0eda981c6

SHA256
6a818fe74cfb44a0417b151218ca0d2a75f9021908f0108f690f01fc64ef2058

SHA512
b63a7b48a27b5853c1a16ac38364b99abaeb045ab8f387b79260c3f6c99636b30adc804bc0369e153008d89579ed1e4db4c3bc3cd2c01ff381c6a9c8cd18f30a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d67bd5563b205fdfc05041a26114e3ea

SHA1
9e8fb0858548f282cd541970cd574cb794c1e0ca

SHA256
ab2e0e7f1a2c391804782d01fb16bfef0ee51b524b5da0d74a48049f535f8da6

SHA512
d2489ccbe21eee9a8e7a4f1953fbfd498a923db30f63e002820edb629cb8de15e12701cec4c069f328f112e0e0faa78d1cb8210b943278d56bcf565e05a64782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a28ce055c81c1db4f979faed52338d9e

SHA1
5c1617c195dfb2faac48a59a2efb0f25e2d6f7e3

SHA256
017f4f62007398c5806f8edcb0fb798b097a53f12e9b9f9a60a7590fabd3d154

SHA512
f006ca55a431ace0b523703499353efd5110b586d770ae5eecf908d6b65466767d3bea1e8070328bddfb4ff114ec7ea9750edf79bfd12ee69008332329605180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
20c098fabc2ee36f8df8b6344950830a

SHA1
17df8e12d2f2f83b96577e297c2c0360fcb953cb

SHA256
828c2b1677702fdb4daa99a22ceffc17958382e22f68283806a9ef11f0d98b84

SHA512
351a6be62f213df5cefcd3a3b464ac60e8aa60a312b067179083024c9eff84b1dd2d0acff411ee727af575c3c32e0f4e9460e38563b39f5dcd2193b87a81d473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9affcdac09eb87c180e7684ae590e2cf

SHA1
291fe064e11eeef60a3f923f055017484fcc7e40

SHA256
8b7d91350fab228ba15ab359c72fc428f80badc64ef89dae7333e5e24ab8d6ce

SHA512
71b0f44443a1fdc3be6d705a3705a31be9244cef55eb0b5547417a5cdffd9a012a7922e3a59c2f344c5b86e161872bdc7e3418a327f5c3cf538972660aa27e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4a53b803bcd39aa3ae79b58a1fc7aac

SHA1
61a665695fccc7225d1188912c6ed27b838492c4

SHA256
5015cbcb56f17dd09ad94c7fcf2281093fc7bf0c314812dacc6e6f4d20f939e0

SHA512
129e05df516c102f4c9168a01907003d9bddb08462ac13b651395cd7cf13279812c6e2760399795826db7117e9fb27e3bfd2e2824e6293037694aa952a1a891a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d8986.TMP

Filesize
1KB

MD5
3845a1e97bc53c946a98b64087c3dbcb

SHA1
1621050eb486f7d5fa8c0b7ace7dfb44afe448dd

SHA256
590c7939fcd2abcba78f30ab357d94d2c5e743953cc56c4b504b37ecd5eee90c

SHA512
efe9eb11b06ac807a01c68b20b170cb955de05e961b021ceff6c8013762b2ec0f4b8a7801efa40c40eeb24fbb0baa6af881191bdabb93e8737e3f1f66d4c7435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9b1cfcfebe35c14775ee5d2a6f1b9453

SHA1
397e23d1c4e1b504c3493fa690f1059d4483bf26

SHA256
2da9631840556365aa14151027f8d306f0914145f9fd5a9b7db7f1e9f69e3b8e

SHA512
eede532c6447891317d1cfb4a7d56bc6823fd89966e82262128f97697cb63fedb92d4a430723526522f8b86c4a766ba6e103bdb7d62b429eec6c7a87772a2118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f34b4e4095eda3e5b3e27714d7987324

SHA1
e353f0ad8292aa51c4c3efef3a425eb5c4f054a5

SHA256
0d082d4d78a637e13d94162b0df7a841652fc9c9b3089211fa66ae67672f6299

SHA512
e553308d175de507efbc9f799d0f81665449c1e516f03d2ecb3eb287dd30a375ed002502062217a16ef2b935ed05b0995c33b6daafcbfcd4449097dfc6446802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ac50378e15d8aa26440a76fafface308

SHA1
f2bd73916558c8acb030b1ab266396b260fb4417

SHA256
23cb8f051c7942b2e0c0acdb652036bdc3fc299638f17ac3f646b029c32b4532

SHA512
45b03b09082d157a88b7a49a9a8e1ca174d0e0016491e64766c149ea26bf96daaede6f28e6607f11a858905ff16bed6fdb01263b2be4094ee168e246f26b06a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
efbf7faf91199ac95c8c64383005a0c3

SHA1
4765a6c39766368575af3d974703160d40fb7d87

SHA256
24061df42aa8c90fc40affe253baba0eabde3acb45991d6a90d992146d3b3e05

SHA512
ded38a587af049c3ee21f95e91628eb80d6e061655bd3c78f1cfd2fc941ac00002f47ee285e64d46d3dcd98f4b24e9768444ba6cd0546dadde5096db3addc0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
38be2dc00e9dd3fcf33586c7d603aa20

SHA1
8603add80c95c333bdf5ae4cca509a3ff03431f3

SHA256
09fbd0564ef8eb3f018500708ab1fede189f86fd24cc90755292ce5d77a8275a

SHA512
de79acd569472e9169a0233a21456f22d527e9bd61c220cf0bd93eccac70c179d74a6f62ffb9605d96a3d5f03b5a9cc1892ff142322d8aeadd43eee11f6d5811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
85cde01cf6a4047c0286735869cc0e83

SHA1
4784193b81360559e0fac53d67f93d7b74153db3

SHA256
a80dc339a9e7b90fc5667e8c2654a036b45477d22ed3c5344b2f723e1e8ca0ce

SHA512
f362d8c9d774d66d2e4a80738764a8d6f1858e696fa5986322af9e1d75b0d0ff62db6338632aa128cad44ea55f81cb0a74958c890ab80218bab460003b8fc864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0a4ac983537a5281f49b6c3ef0c3d502

SHA1
6a64b016f3590115c8c1fb208ff004a40d77efc0

SHA256
e4045546f5d831341e4f38c9d4519f5b6f90957784783739c3cfd598e4f0c376

SHA512
e12ad4ec868409403e693c4672f74e170bf13c9f89946301f0946c2873da9386768bb8c02c67bf68d86240303e0470737052f8df76feb4b8e06aaedfb37eb2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
718fd30351556f84f4170d3a83f2542e

SHA1
7423cc74583db2e4ef979ad801bac3d5e3c8b0a7

SHA256
a7d9d4f37e88ccb2bba4959cb8069ab06d9bc7b3d7e4645e5f3d209ce90240e4

SHA512
a8e5c982582be92f146ee4cf5e34634809b259f43b2869baf1caf27da657010119ddbf749898af9d620973f8c78e0a0aabadac94274552010a5aff36607fed5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e95d78550c9168ab9e19afcc4f414d1c

SHA1
4888d660572eb5216554ae99c644365e4a4f1013

SHA256
2137742ecd7b83811ebb37857ae42d156656d605d5c39dbae92f3b97ff288e92

SHA512
7c6f0b9fb312ae03fda3277aa321f66cb8230172360990244d62f7d0b851fcf46cc191ca5eddf168dcc206c421b435b70d89d9bbff928462d7119210285b2df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f0d574441f9f7ad7dfa3590ea6ead06c

SHA1
bfdeaf066b3e2fe5339ead22319041d42cb058d6

SHA256
063873a8ef4c917a1301884b9058661cb9abd3a033bbf823367e9e0031faabe4

SHA512
2bf46c2d71a6ced9a862f8b1d7510482b1d0bd97b9cfc3903191961f809b4150c209b14e28265baabe59d905d1bc3ed4ff7c79dbeb3715299d03ae1454b7927e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
05160785c2e300d4b6e3433943ae40d2

SHA1
47e982d5c5f6b8ad674fce5c8b353faf7062ebbb

SHA256
a3d2922a749978ca192ecabb3ef4845391d9df25b3d9fd332f203465e9634739

SHA512
ae9fa123abdebeabaac7c3aba09a1da65d30576c438141adaffaaf0e3153226a9e0cf0338decb0a3574c7669fbadda79b4e7ead6ea8d1f73fddcd12c231c1d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
36eb8f2f7909bf96113b3eb14c23dfab

SHA1
5cbd6e1e9f5f498fab11157aa89a5ad53daa1518

SHA256
f8f034e7349cc4658856522fa573e981f0290cd16e113e1f78131bb5f5bbf589

SHA512
f78f1c3f46e7f7cb7268e1618db7d142553cacb9d637ae8d5c984e6a451a5303f4a39718a05e49d09ba5e0378cb89679b49ea1ccebb33f286727c43630f5caf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ed665e7816bf04cf2f281fd41479214

SHA1
00cd4b2c4de497d6902a353ec21e947d0d2fedec

SHA256
660f55bfc11ea0129c0e31792aa8567013a600446af3a24398cd817371c5d081

SHA512
752b3ba7ef1893bbe63c1a410e38c821448eff0b1884568c121511534c57f076cdbbaea562169174c80b654a32da577be8165391faec7b3042fadb4922277555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
54a76f4eacb2abdc033f021a5b0621c8

SHA1
b0124f34df04d695eef62b328e15b67ace5627ff

SHA256
1b4879f17942ede6fa2840ab9da2b8876cf5f451c270ec20f622de719b4c68a6

SHA512
4376eda114cb65ccdded37ec74058058965d2931906f11bc5b420acf8d95cbdf229571d1007085a952def0dac3b360786e9e18f8cd3bf8470bf441de1459628e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c34e5dc368924d35f9dab28e69905524

SHA1
d0de7576d6d7fb5d78f7ff90cad78dfa5c3ffe87

SHA256
8a24162de3a877cec2f4c0342c81c939318a6ce4977e74a5d4efe302de8d01e4

SHA512
55f098705c7411a363dfb712fda92f2d79e95c1a11993e8756da60dfaf9e91cfcbc7fafb38645c0f0b26e14db7a28b8bffdfc6ecd636a69dd76d4f59cdd4b08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
346aa3b02a840869490a7bc8fd4752c3

SHA1
b24b73df615e695c1d1de1bfa24c8bbf52a5c1e8

SHA256
93bb30372715612d463d50e94ad2fba3e26717ba217f44a47c26c64c8159b325

SHA512
c7c7215c886e2f5e5b1db2bb7d5ec198aa8908509d0449909f2103ba20416b36e8e360744340f82aa0cffd209a7038f15d5684a21ebc8d494e523fc7f8ed21ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a398ff6aee1737a0805e3ea5f5978fe9

SHA1
7e1326d9f328917a3c9f640c60aaecc51e99458d

SHA256
febd37fdd745accc58e524180656b789d22e4d89186e26a6bcbb11140349cce8

SHA512
5f42d05ad5aef3f28479d8306b1feb2921dbf321987f12c0281ef3f631323f8cef016e9f96600b50d4afd8385e5db1ef823c52f52de519755fdaef0bfee7e2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
01128f545492d857feb3750d1091e313

SHA1
20ae9db75f52aa6cd67e74c9a7b228c7db7dffc0

SHA256
dc8a65001130a2a4f2a7dc9491062ecf59816acec203047937bf0008d13aac0c

SHA512
b00e38cf67338b57131379623ed3c58083176640821b27dca1d49ab990183ba52d7232e223714d0642a7e7e26f160e8e7df4e2e624f6dd873c96a34d72b3c39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a007692f7d97d10c17bc6ddc41421c6c

SHA1
0b6a41729611dc6360d587d3e41d12b075c30457

SHA256
a2380e50f765ad5e3d7fd935ea0ab30261c300c744876fbeb00186c07df93443

SHA512
2a796a0c0f20c463b53d6dd84420a2301c3aeb08d6aba79df22f640d23a7b6cd101f7eed9595d887fc97f8eeb1b25469512eb73e3003f688d4805141dc6715dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
091e74fc853b7b68f65f130f7b7370df

SHA1
4681cfed5df2ad6e4f52af979bef4d54e880119b

SHA256
e621e38c03d0e9381740c2f9c1cf2244e6a599b90f7ac43dfd688669b8290afa

SHA512
f2b7eb5aa5e8991b39a9dad3675ef494d252218aa701f6db1954b1d71bdf7b8b58542e9a324951e865d8c1a2ad117dd9490b0f72ec2b88245b7e3cabb151a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
47c42428090983167e57f630b1640ec2

SHA1
5b961f80bab816b08ad39449b09b93b7f1410110

SHA256
adba48de431bd6087dcea7c9c5d6379449e2109442a3cb93fed8abf87d540d4e

SHA512
65a79d924fdd9075c7203040f90774d7b0d3cc8723e6042101404344d8d60a77943ac2fc27ac06e62098cc2d7706d89a061417ed9ef862385f998257116dea8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
26daca0ad3b695324978189da2a4598a

SHA1
d2b7ed9599737b0739ebd5cac7622aefc696e7a6

SHA256
c1a0330b8b4ac626ee9fbeb18266e71569926234c64924e771372e7064447f62

SHA512
fafbcbe520a8eabce8f4269d02fb530f4066552f6407ddb89f5b42f0d3b27ce50dff9e5e52c777256b2c83d87ce57228537e1b5c82301724aa762c03d7cba96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9f9a205b6e15d211bc445eab492ab061

SHA1
0cd406a76ded331d5c3e2e0f053e2f11e531adba

SHA256
ec56edd0d59df4c6a260cc70b43196e1e0f506615ff942953ba61d4b84d53101

SHA512
f6b19acf4cd22f5958c4ccb4a4e521a72c7dfafc9395c6c40216e2cc54859fba3856b4b2cf4bfaa4282c02912954601bcaaf9d900ca6cc60e8660ee576a2aa2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d6782f3814520c44722f394326401cc1

SHA1
004d6ee0eec688e890ff8c4d76fbad13192e9fc4

SHA256
dbef0dce2af46633fea8685bab6ddd2bee9073cdc6e404e3dabb9a4a52c0ef84

SHA512
ad2ff05c5f5a535436aaa9fd8b970f09c72828261803daaf17cc08247a8ca7f8a01919db5087ff5acc529385928d4c384681f31accd76522cba01bfb664dea5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2c8a340099380edc96bd19ab09d6dd0c

SHA1
4a6c206e05e1c7a09940c78cd98a096e5ee8d85f

SHA256
206dc0e52165543f68f53f0b27c75cebd23fc9985334f7fb18026935b3a6bef4

SHA512
eea2af1a17472e5ef4a46709b5e12965bc1702d3f61d510eb0f33b7667dbd5228b363fdc9056847bebf98fbeeb50aafcea745f0fa8fa05e32d6b0395977a5b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9a0bad97a5d887c5b8d24c590474795e

SHA1
a6006da58e536b408546ba8edb344a406f7183a6

SHA256
7c399aab500bb20eff0b367607f3c4c2a7c0c00a42d789a06c909f90de713f7e

SHA512
08bfc8b510b28003d02be7511969b1f7fab12c0bb53c7b9309dada5c02f77168d90f83f8cc14bfa98f87fbc354563b4d47fe026160bf9c3e026e056cc4ce7d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6efc2f461e256d8001db728c5760e958

SHA1
be2c802a3da0c3979415807238545459f2fa5152

SHA256
9b6ff1b64d56f57f0380724d367d16c98542886c96cb9f2cdbf74fc878f802f2

SHA512
faf642120226d4d8b91901684a7b3345bb906ba160ce88fde1c8bb0ce5363d4a1375af6837248f61ca29a93f7f5a08e3441c342ebe20fc785f31fb448b821f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d9cceaed6b4cba5f5ae99c89b089d1d5

SHA1
16a92b14cab6058cc2b50ba41cbf9026cb4a1642

SHA256
6d5db75253a55046e45a13798b6c064a406e2bddd6f5f7ea6d5e06662d376f8f

SHA512
ebf4261eb800083d9b62bf1fb34787c6287d1f5fb8fbeeceb94db497d858a71cacc94b039f8ad0cd28ebf9d226946690ffdfbb4bda1b2ad89b14a9332da61d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dbca3d2563f6177f49d5b362df8f81f4

SHA1
dbe24acce8dfb8ab192f08a1923da230fc97c494

SHA256
ffcf766cabd7a182efe5cd558990d435a0985e4e60fa5bc8d16ca474aa84b102

SHA512
178baf9489709f72b07d394acad07d48f74eb501d4e275904888fddfd0af1ea5c35080a3dea46ae9c2c7ead202c91ea1cf331baf26293943b96116c33bd35d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0f4625975154ca977992d6a1729b6a9f

SHA1
7bad2a07c3987adc50f9d28a6b99d6a84dc6e7b0

SHA256
772ba2173b8d38f520d9cd8cbf9c0c9c6b69c2d4debaa80973e490d91f3fd65c

SHA512
78251bead74f20d80f9e7c91890566c5f30402b14d99b840f175f3176253a5ffb0128acbf7d9a55636dd1f3154573c1787b3b28c76c65edcf08c2a4d4d818277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
72d832b2a66b3d88c51d881541ae102f

SHA1
268283f0d059ca1400b1a85f3280054ed3b99d9a

SHA256
d4fd77ed77ba3955a44c99eb2dd51db8d0e59c49ecdb630b0155b481e689f1fb

SHA512
a7cb5233ca51a035c24e981086dc5a7bda3e4fd73e736b7ce5da9f6cf55a91d188c354e783092a72a574a18816a396c9855795e7fd886cccf788086805b50cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ed21b6e9e9eff2a92b9ce39cdf62054c

SHA1
143d9804115f25787396dd65190f4699f7ce301f

SHA256
f5901c6629d5623a40a244dec0a9d98c5fb097b80758e9bc2592ce92733ffc28

SHA512
da78a7a22ac7a8b007f413ad898e100fd1d1750a82b7e6e1e528c7fdab27b3c2d01ca32460c02643c20a8db3b1ed62f5db2e72e7085a805b4465fcb55db8817d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5bf8358dbb7c018ae28bd019a364abe8

SHA1
10f01de5497da4b75b13fc54e37a79381da28a36

SHA256
1e48b056da12fd7c0deef28ab108072d671d3cf32e36ca75d715a8bafc3f35e6

SHA512
6a788703ac9664aafd06440bc1798f99f48d83e769c81835ce980f7f7b469fa839c5b9d0bdac3f54ef13b030ebbb0456d181fc6120d5acbc0140e5b2a7d3d96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3a39244c1ff9bcb0d9478a815c62eac0

SHA1
5abf5254d596349e7544069bccf065da9d8bafae

SHA256
8948eafc8263c9cc517c97684cb213dfa321926c3463d465a17eced5b2e09632

SHA512
60b098a1234df735ced5eccb4fd48d092415a639a062e082fbd7a77da54a3c889bb353cf53bcaa5fdba919310e2fe7daa2c6dcc93515032177545d69388ab517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a6059b115b0dcfa21faa5162ab53bcdb

SHA1
95821ca1468c1cf5ebc120d34f65b7c24a79501b

SHA256
e1358cc7aa76969956bf690bf7341c1669ac956a88163db941ec5ef3355bcd55

SHA512
688d88ecc7cb19d63a577a1c728d67379c6479ed3ab71cc1b5d92907e3a01d95ae4f671db8beacfd0d54c1d63f991846d20250c25eae75e64eea34a35c7e2c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
64515246e629e0e455464781794a6b25

SHA1
bb17fad971b9fe47fd3847e54b0b6bb6b0947ead

SHA256
b2a60d9b040010533a110a62b6e072845bae127200ec61d0062fbbec7d000a75

SHA512
6312fb8807c9d1513a28237fea203d978d1ee0f7a6a70cd512873a7f5a1c88ada668a8ef4180b0b4ecf2a2d9a21a030a835423a76ceb4829bfadb2b9569e2c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c853887862234ce06fa72773cb1e1d00

SHA1
6504119e0f04ca367195dfe29553a0e7777e13f8

SHA256
50b06921e83603c8675830ec1c0d530a67fd4732c52df11ff03135cdc21ece1e

SHA512
2bb01fb4a174822f44c7b8ae658449da683e17df85b1a2a879a30af8ddded6892ed3c593409f7bbed796acc65608b253406b87dd877bd838cdfcd45a6f3f0790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4c0123f2f4d8b52cabf11c1f51ce6610

SHA1
8e120bbdfbaa62619fb4ef837035d7a6cee4add4

SHA256
21232082432925e1487d4e743d199cbbf9731d3e2591dfaf324ab03a135b1eed

SHA512
d6b1caab705ec2828b204f3ecaea57105ede5be3d95286da11e3b498073c07f955c68cc8b33e77aa4571c1ad3dcec198fe054db8f51ad35d0ada73675a057154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
17f02244df9c636dfa425eb11d473409

SHA1
4599f32727ceaecd05d9e2aa8176b04d59deb551

SHA256
f28acd8d125eb89b5cc03ffa0f6c31eed5a93992a1776ea630cb095eb1a14722

SHA512
6ea19f8df9081e6b3a6897c7aeab476faa9b73c36a739250590313638d661fbca8aa08cb04ef28eab9f0b475fdb9d92a148de45ddb45451bfd8b5428b3fd62d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4eb59cb9ed7d23ae90ae91dcef12f02c

SHA1
01532d99ac9da93cc013890c07840a6ae05fa304

SHA256
5aec672f986a8149dd152f875c7dedca26093e18fbc7d6cf9c0620ca0b62b7d8

SHA512
e257d5f021fe51611db159566da518c91753bce86e565d9af8cafa70d7a9de9db0b9d16e96558c17670c098aa67c1c1f13731c5b1f34484c93aa62ae39943bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
686f61c484404c5e4e7ef206d76e96e0

SHA1
4062339e9967f69934f4e971cb782c62e9d6047a

SHA256
cfefa2c4215ba233aabfd49f9916e21cc12fa7b00c3f822b73170427444d9942

SHA512
ccbcdeb550db08289ad8c9ce457afc072c6e016bbc43f763e661a3eb978869799f7a07634e4283e5a1c34456a7646f80a9d257c7e4db95005f351df1f0c1654c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7b0f522ff7ec180388d342495c8f3623

SHA1
2722edcc6f33226fbd12bed6faa89cf959039716

SHA256
e32a27b062c1945fe40b0315e7166d17a1bbaa965be1337f21edf15f5c5bea08

SHA512
825550d2ccf5e50ae434253b5fc8fd85f83d4f6d5b8f6cf958a1ed9e57acdadb70fb38a8ede570636f1fde69c7935bb0a3033c5475eab0e7fc253f924a48b520

Download Submit
C:\Windows\INF\c_fssystemrecovery.PNF

Filesize
4KB

MD5
4281838792fa08098b7c14d84e4480b1

SHA1
6f720ff8876b8a7d5573540ef604c56a656bdb09

SHA256
9370738c2791a7fa5d7def09b3eb1a708092b08ffe88f8252991096d93885c65

SHA512
20af48d4ffcc5c8d585cc0f3755b95be0e085603f1702307965c1df3aa66f2536b18631c7a5b21c8d2dc9152c8c5418f4b0a45a48b897e5022be682483caa3ad

Download Submit
C:\Windows\INF\c_magneticstripereader.PNF

Filesize
3KB

MD5
3d90c654c1c16f1896adeb668a8859fd

SHA1
5445b6acdea83263770ee2e0bf9e6a664fd142bb

SHA256
a92e905f36eed31b38dd47ad17811974a3ba31fc29e4947fb91b31b768f1ea38

SHA512
1f93858660099db60124af364e3d568c6271f724a15f1fd4f3b081f080224748f70e0fc053e8bda77e15d5789424d9afc4e27bcfcc1f869d2cc90a590bdbadbd

Download Submit
C:\Windows\INF\c_sslaccel.PNF

Filesize
4KB

MD5
70af2600a0d71bc84b3899bfedce310f

SHA1
6257311bb37c59e9e9d093809f7fab37a6b00ec6

SHA256
dd432f0ab73389634cf878bf722606fa591eff889b5e6221b42b882fad5ce021

SHA512
dcb7b9129d7c8c667ec7f1a8dee5328add3a884808f18b960ca72553edb985d567b875fdc5bdb77ba19df4937f9669c118b2a2ec8a8b452e10ca50976fa3015d

Download Submit
C:\Windows\INF\dc1-controller.PNF

Filesize
14KB

MD5
1fb296ca51785eb27dd289ceb90e8082

SHA1
0024d66ce2c3bd8d215e2a75c78bac3b5bb6fb5e

SHA256
45a627584acd8f55ac0f185b736d4fe8b1b8448bc43429a6d5eb3dfc6e0619a7

SHA512
4180b4bdf466f19ee52067cbddf4097cfe4898bc7bce044e986564ea6ba583c89e50869f33af65e2df565012f451ea2ae3b7be04c3d0c2c42de2a1ee98b34e15

Download Submit
C:\Windows\INF\digitalmediadevice.PNF

Filesize
7KB

MD5
b990e13e158a80bc6e38ede4bc469bfc

SHA1
4a7df1f5185791d65ba3e08aa75ea0562523021c

SHA256
c98cc99759c057d472c446ef8b2faec36fa46655a5353599d40095e327a363bf

SHA512
aab93b50bb4a8f9c591dbe802d7f642260c2f45b8bb921c5d07b5d248d5d25128501ef7740355e088e1913957582748569e7944ab92fd077ee3cfa2d8855d160

Download Submit
C:\Windows\INF\remoteposdrv.PNF

Filesize
8KB

MD5
22fa8dea175af62c3bf02ff59cab5df8

SHA1
a261dbec3fe2f8075940fdcb78eff26dbd3fb9ab

SHA256
fedf58092d6a295af9d7b2cf0a2e83eab21cb1ffe2639b599d64bccf3de7f519

SHA512
a8d5c7a42d8913876b0a0d6a154df0aa4a7a1b16572405e15d87b54964d92c20d2b0c65f4c2419dbc9318a54c85c05666f5050565d26f8e348bea389c6e95567

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/4820-444-0x00000206FDC50000-0x00000206FDD1D000-memory.dmp

Filesize
820KB

Download
memory/4820-394-0x00000206FD870000-0x00000206FD880000-memory.dmp

Filesize
64KB

Download
memory/4820-414-0x00000206FDD20000-0x00000206FDD21000-memory.dmp

Filesize
4KB

Download
memory/4820-413-0x00000206FDC10000-0x00000206FDC11000-memory.dmp

Filesize
4KB

Download
memory/4820-412-0x00000206FDC10000-0x00000206FDC11000-memory.dmp

Filesize
4KB

Download
memory/4820-410-0x00000206FDBE0000-0x00000206FDBE1000-memory.dmp

Filesize
4KB

Download
memory/4820-378-0x00000206FD770000-0x00000206FD780000-memory.dmp

Filesize
64KB

Download