734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

Analysis

max time kernel
909s
max time network
1208s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
Size

12KB
MD5

13a43c26bb98449fd82d2a552877013a
SHA1

71eb7dc393ac1f204488e11f5c1eef56f1e746af
SHA256

5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
SHA512

602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
SSDEEP

384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

1812 MEMZ.exe
880 MEMZ.exe
3636 MEMZ.exe
2380 MEMZ.exe
4588 MEMZ.exe
1888 MEMZ.exe
1608 MEMZ.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

pid	process
1812	MEMZ.exe
880	MEMZ.exe
3636	MEMZ.exe
2380	MEMZ.exe
4588	MEMZ.exe
1888	MEMZ.exe
1608	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 3 IoCs

Processes:

mmc.exemmc.exemmc.exe

description	ioc	process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 60 IoCs

Processes:

mmc.exemspaint.exemspaint.exemspaint.exe

description	ioc	process
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mmc.exemmc.exeTaskmgr.exemmc.exeTaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies registry class 64 IoCs

Processes:

explorer.execalc.execontrol.exeMEMZ.exeexplorer.execalc.execalc.execontrol.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	control.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings	control.exe

Runs regedit.exe 2 IoCs

Processes:

regedit.exeregedit.exe

pid process

7584 regedit.exe
9584 regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

1928 explorer.exe

pid	process
7584	regedit.exe
9584	regedit.exe

pid	process
1928	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
880	MEMZ.exe
880	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
3636	MEMZ.exe
3636	MEMZ.exe
880	MEMZ.exe
880	MEMZ.exe
3636	MEMZ.exe
3636	MEMZ.exe
880	MEMZ.exe
2380	MEMZ.exe
880	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
880	MEMZ.exe
880	MEMZ.exe
3636	MEMZ.exe
3636	MEMZ.exe
3636	MEMZ.exe
3636	MEMZ.exe
880	MEMZ.exe
2380	MEMZ.exe
880	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
880	MEMZ.exe
880	MEMZ.exe
3636	MEMZ.exe
3636	MEMZ.exe
1888	MEMZ.exe
1888	MEMZ.exe
4588	MEMZ.exe
4588	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
4588	MEMZ.exe
2380	MEMZ.exe
4588	MEMZ.exe
1888	MEMZ.exe
1888	MEMZ.exe
3636	MEMZ.exe
3636	MEMZ.exe
880	MEMZ.exe
880	MEMZ.exe
1888	MEMZ.exe
3636	MEMZ.exe
1888	MEMZ.exe
3636	MEMZ.exe
4588	MEMZ.exe
4588	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
2380	MEMZ.exe
4588	MEMZ.exe
4588	MEMZ.exe
3636	MEMZ.exe
1888	MEMZ.exe
3636	MEMZ.exe
1888	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

Processes:

Taskmgr.exeMEMZ.exeTaskmgr.exemmc.exemmc.exemmc.exe

pid process

5456 Taskmgr.exe
1608 MEMZ.exe
5180 Taskmgr.exe
7040 mmc.exe
7896 mmc.exe
872 mmc.exe

pid	process
5456	Taskmgr.exe
1608	MEMZ.exe
5180	Taskmgr.exe
7040	mmc.exe
7896	mmc.exe
872	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious behavior: SetClipboardViewer 4 IoCs

Processes:

mmc.exemmc.exemmc.exemmc.exe

pid process

7896 mmc.exe
872 mmc.exe
9692 mmc.exe
3472 mmc.exe

pid	process
7896	mmc.exe
872	mmc.exe
9692	mmc.exe
3472	mmc.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

Processes:

Taskmgr.exeAUDIODG.EXEexplorer.exeTaskmgr.exemmc.exemmc.exemmc.exemmc.exemmc.exe

description	pid	process
Token: SeDebugPrivilege	5456	Taskmgr.exe
Token: SeSystemProfilePrivilege	5456	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5456	Taskmgr.exe
Token: 33	5584	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5584	AUDIODG.EXE
Token: SeShutdownPrivilege	1928	explorer.exe
Token: SeCreatePagefilePrivilege	1928	explorer.exe
Token: SeDebugPrivilege	5180	Taskmgr.exe
Token: SeSystemProfilePrivilege	5180	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5180	Taskmgr.exe
Token: 33	7040	mmc.exe
Token: SeIncBasePriorityPrivilege	7040	mmc.exe
Token: 33	7040	mmc.exe
Token: SeIncBasePriorityPrivilege	7040	mmc.exe
Token: 33	7896	mmc.exe
Token: SeIncBasePriorityPrivilege	7896	mmc.exe
Token: 33	7896	mmc.exe
Token: SeIncBasePriorityPrivilege	7896	mmc.exe
Token: SeShutdownPrivilege	1928	explorer.exe
Token: SeCreatePagefilePrivilege	1928	explorer.exe
Token: 33	872	mmc.exe
Token: SeIncBasePriorityPrivilege	872	mmc.exe
Token: 33	872	mmc.exe
Token: SeIncBasePriorityPrivilege	872	mmc.exe
Token: 33	872	mmc.exe
Token: SeIncBasePriorityPrivilege	872	mmc.exe
Token: 33	9692	mmc.exe
Token: SeIncBasePriorityPrivilege	9692	mmc.exe
Token: 33	9692	mmc.exe
Token: SeIncBasePriorityPrivilege	9692	mmc.exe
Token: 33	3472	mmc.exe
Token: SeIncBasePriorityPrivilege	3472	mmc.exe
Token: 33	3472	mmc.exe
Token: SeIncBasePriorityPrivilege	3472	mmc.exe
Token: 33	3472	mmc.exe
Token: SeIncBasePriorityPrivilege	3472	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exeTaskmgr.exe

pid	process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exeTaskmgr.exe

pid	process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe
5456	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MEMZ.exewordpad.exemmc.exemmc.exemmc.exemmc.exemspaint.exemspaint.exeOpenWith.exe

pid	process
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
6584	wordpad.exe
6584	wordpad.exe
6584	wordpad.exe
6584	wordpad.exe
6584	wordpad.exe
6584	wordpad.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
5432	mmc.exe
7040	mmc.exe
7040	mmc.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
7876	mmc.exe
7896	mmc.exe
7896	mmc.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
8088	mspaint.exe
8088	mspaint.exe
8088	mspaint.exe
8088	mspaint.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
7384	mspaint.exe
7384	mspaint.exe
7384	mspaint.exe
7384	mspaint.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
1608	MEMZ.exe
7340	OpenWith.exe
1608	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeMEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 2232 wrote to memory of 5112	2232	cmd.exe	cscript.exe
PID 2232 wrote to memory of 5112	2232	cmd.exe	cscript.exe
PID 2232 wrote to memory of 1812	2232	cmd.exe	MEMZ.exe
PID 2232 wrote to memory of 1812	2232	cmd.exe	MEMZ.exe
PID 2232 wrote to memory of 1812	2232	cmd.exe	MEMZ.exe
PID 1812 wrote to memory of 880	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 880	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 880	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 3636	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 3636	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 3636	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 2380	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 2380	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 2380	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 4588	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 4588	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 4588	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 1888	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 1888	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 1888	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 1608	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 1608	1812	MEMZ.exe	MEMZ.exe
PID 1812 wrote to memory of 1608	1812	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 496	1608	MEMZ.exe	notepad.exe
PID 1608 wrote to memory of 496	1608	MEMZ.exe	notepad.exe
PID 1608 wrote to memory of 496	1608	MEMZ.exe	notepad.exe
PID 1608 wrote to memory of 5040	1608	MEMZ.exe	msedge.exe
PID 1608 wrote to memory of 5040	1608	MEMZ.exe	msedge.exe
PID 5040 wrote to memory of 720	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 720	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe
PID 5040 wrote to memory of 3196	5040	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
PID:5112

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1812

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:880

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3636

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2380

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4588

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1888

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1608

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xfc,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
5⤵
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
5⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
5⤵
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
5⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
5⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
5⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
5⤵
PID:5744

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
5⤵
PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
5⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=216 /prefetch:1
5⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
5⤵
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
5⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
5⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
5⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
5⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
5⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
5⤵
PID:5504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
5⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6488 /prefetch:2
5⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
5⤵
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
5⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
5⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
5⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
5⤵
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
5⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
5⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
5⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
5⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
5⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
5⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
5⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
5⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
5⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
5⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
5⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
5⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
5⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
5⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
5⤵
PID:6196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
5⤵
PID:6432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
5⤵
PID:6232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
5⤵
PID:6548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
5⤵
PID:7056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
5⤵
PID:7100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
5⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
5⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
5⤵
PID:6368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
5⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
5⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
5⤵
PID:6932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
5⤵
PID:6564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
5⤵
PID:7124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
5⤵
PID:6396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
5⤵
PID:6660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1
5⤵
PID:7096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
5⤵
PID:7104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
5⤵
PID:7244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
5⤵
PID:6824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
5⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
5⤵
PID:7608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
5⤵
PID:6992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1
5⤵
PID:6768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:1
5⤵
PID:6972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9800 /prefetch:1
5⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
5⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9996 /prefetch:1
5⤵
PID:6288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10036 /prefetch:1
5⤵
PID:6580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
5⤵
PID:7864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10280 /prefetch:1
5⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
5⤵
PID:7068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10528 /prefetch:1
5⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1
5⤵
PID:7892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10404 /prefetch:1
5⤵
PID:8124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11140 /prefetch:1
5⤵
PID:8668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10812 /prefetch:1
5⤵
PID:8792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11256 /prefetch:1
5⤵
PID:7396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10792 /prefetch:1
5⤵
PID:8108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10708 /prefetch:1
5⤵
PID:9148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10744 /prefetch:1
5⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11480 /prefetch:1
5⤵
PID:8040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11616 /prefetch:1
5⤵
PID:8432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11780 /prefetch:1
5⤵
PID:8832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11304 /prefetch:1
5⤵
PID:7400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10520 /prefetch:1
5⤵
PID:8584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11604 /prefetch:1
5⤵
PID:688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1
5⤵
PID:9112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11624 /prefetch:1
5⤵
PID:6164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11952 /prefetch:1
5⤵
PID:9764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11652 /prefetch:1
5⤵
PID:9788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10296 /prefetch:1
5⤵
PID:9276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12116 /prefetch:1
5⤵
PID:9464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12048 /prefetch:1
5⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12504 /prefetch:1
5⤵
PID:9188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12680 /prefetch:1
5⤵
PID:9912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12060 /prefetch:1
5⤵
PID:7916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12536 /prefetch:1
5⤵
PID:9544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13012 /prefetch:1
5⤵
PID:8336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12996 /prefetch:1
5⤵
PID:10076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12488 /prefetch:1
5⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13028 /prefetch:1
5⤵
PID:9096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13236 /prefetch:1
5⤵
PID:9868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
5⤵
PID:7548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12020 /prefetch:1
5⤵
PID:8972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13340 /prefetch:1
5⤵
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13332 /prefetch:1
5⤵
PID:10312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11568 /prefetch:1
5⤵
PID:11192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13464 /prefetch:1
5⤵
PID:10388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:1
5⤵
PID:10964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13464 /prefetch:1
5⤵
PID:6224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13292 /prefetch:1
5⤵
PID:9660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13236 /prefetch:1
5⤵
PID:6324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13836 /prefetch:1
5⤵
PID:9616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14312 /prefetch:1
5⤵
PID:9364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12844 /prefetch:1
5⤵
PID:10836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14300 /prefetch:1
5⤵
PID:11260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13352 /prefetch:1
5⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13536 /prefetch:1
5⤵
PID:7224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14224 /prefetch:1
5⤵
PID:11760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14472 /prefetch:1
5⤵
PID:11384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13584 /prefetch:1
5⤵
PID:11920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12868 /prefetch:1
5⤵
PID:11396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14492 /prefetch:1
5⤵
PID:11480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14504 /prefetch:1
5⤵
PID:12020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13976 /prefetch:1
5⤵
PID:11488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14224 /prefetch:1
5⤵
PID:10180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14316 /prefetch:1
5⤵
PID:12220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13780 /prefetch:1
5⤵
PID:9244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14660 /prefetch:1
5⤵
PID:12104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14604 /prefetch:1
5⤵
PID:7728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14428 /prefetch:1
5⤵
PID:12168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12940 /prefetch:1
5⤵
PID:11812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,11559512056052338557,13277732833366530432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14588 /prefetch:1
5⤵
PID:11692

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
4⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
4⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
4⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
4⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:4620

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
- Modifies registry class
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:1932

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
4⤵
- Modifies registry class
PID:6908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:6380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x100,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:6408

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:6168

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:7120

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:6584

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
5⤵
PID:3984

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
4⤵
PID:6984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:6976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:6704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:6876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:6856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:6480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:2328

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
- Suspicious use of SetWindowsHookEx
PID:5432

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:7040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:6352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:6572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
4⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:392

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
- Suspicious use of SetWindowsHookEx
PID:7876

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:7896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
4⤵
PID:7644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7700

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
PID:7468

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:8088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
4⤵
PID:7588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7144

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:7584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
4⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:6596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7660

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:7384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:8032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:5196

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
- Modifies registry class
PID:6508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:7364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
4⤵
PID:7248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:468

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
- Modifies registry class
PID:7220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
4⤵
PID:7420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
4⤵
PID:8600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:8616

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:8440

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:872

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
PID:8996

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
- Modifies registry class
PID:8436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
4⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:8980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:6184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:8904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:8916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
4⤵
PID:8624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7316

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
- Modifies registry class
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:7356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:8456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x48,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:8324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:9700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:9712

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:9584

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:9304

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:9648

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:6468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:8912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
4⤵
PID:10028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:9028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:8524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:9888

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:8792

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:9692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
4⤵
PID:8208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:8508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:7860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
4⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:9520

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:9020

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:3472

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:9588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
4⤵
PID:6776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:10032

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
PID:9868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:9800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:9184

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:10796

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
4⤵
PID:11204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:11140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf4,0x128,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:9504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
4⤵
PID:10220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:10924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:10920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
4⤵
PID:10884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:10640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:10644

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:10152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
4⤵
PID:10780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:9172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:10864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:1436

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:1032

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
PID:9404

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:9880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
4⤵
PID:10504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:10564

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
4⤵
PID:9272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:2296

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
4⤵
PID:9616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:10692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:11688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:11700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
4⤵
PID:12264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:12280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:11668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:11848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
4⤵
PID:11536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:11316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:12172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:12244

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:11396

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:11632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0x120,0x124,0x100,0x128,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:11584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:10992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:12252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:12232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:12212

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:5948

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
PID:11764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:10896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:10788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:12128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
4⤵
PID:11260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:11368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:11488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:10676

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:10372

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
PID:10160

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:10660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:7812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:10632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:8172

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:11816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:11812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0xf8,0x7ffa9cf146f8,0x7ffa9cf14708,0x7ffa9cf14718
5⤵
PID:11652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5584

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:1928

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:8188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7340

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\770580bd-a8c3-4299-830e-148f7e85a5bf.tmp

Filesize
11KB

MD5
302048fad22b431c52b47f839fef262b

SHA1
29c2c1908ae9e4ee51b6b437261f9c974d17c6bc

SHA256
8f364755a99e2744cf3e0b611c4bc9b074bfa1a503d85f7c1710bcfa8a9ff49b

SHA512
0afed7274cf4ee81c3ceec479e664008f04eb3b66b9f610d8bdba0b6a3b024ccf914fbcf42b097ba3022be9a7ba1a2f50a6cbba46300bef58d6198b987b8c24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
2d4ce42d28f659b37f5064b0065f243b

SHA1
43464a744e67aeeff13b277815a251e9f8046baa

SHA256
c75dfc30343efde36ee9dbae87477e57f583f2e85e67f44166be29e63514a77c

SHA512
31731cc9dbfef798f504933ec970a1070a527a57a79a32f63d9518d3906200e554396521047a152159e38feda8ca0ee9d639dd4175d8eb7d4276ca532884378c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
44KB

MD5
88e4aad8874000d8f74fc868e2e740fa

SHA1
f1d7da246d2ebc34aae3ce6b5fa0e3b3d53f7e57

SHA256
0c2b3ce4e2356775e5252c95a6f72ecf604ae94a3a0437830c53448c41bbde4a

SHA512
ccbbb9752eeed400c94f9b89d797cb289c821b24aa549a636c93bcf1198458b3e388e5499d399a5fa9ac6709516a0699ecd07043b38b522912cdd7454e47da22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
16KB

MD5
68c477c4c76baab3a8d1ef6a55aa986f

SHA1
4af50379e13514558dd53d123db8ea101ec5e24c

SHA256
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac

SHA512
92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
125KB

MD5
94dd2c3a8963ee21099bc58d47c9a4cd

SHA1
c006829dce7365ba9bb4a25396e7b9a3cc26a2f3

SHA256
cfe9e302ccfaab40fce51a54e48803a0620409d2fe8324b121f570a6b84f4f6d

SHA512
ab54677b14b20a8de72f6894a78836bd243dcdd733345dfe1a0bdcd0f6fe8ebbca07ba7de4e83946f039085e02876953af67be43bc060018658fe29a08523038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
17KB

MD5
0627ec86dfad171ba217bbc765326ed7

SHA1
d83f8aac9cb272a8825602735e3766f4975d5c68

SHA256
d53336707c39d1ec20a2b1f7399ca9f183c45592e215a42fd596dfa2dbb8ad7a

SHA512
a64bb605c4c4a1d3a3905155e9f52b4c59abb95fffc61aa1405d6d4e4687ac308ef4104f897770ad8c7001e40f91f68eb35041d693367a970aab2a86e80150e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
4f083b7a6dfb7bc0d1e8c352551020bb

SHA1
bdf6b7ba72f325081ada555c1eb84607981042b5

SHA256
107f071fb99f39ec3992498320ecbebcd3cdf14441252aa10819826d38f62383

SHA512
f6ad30a8c4e047a070f79f460d27dc1285b58a7efb92a9d84bd0bb66523b935a6851323c12e1f86db5764872270dbc433d0a6a68f471f2e1fa1d9444efbffecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
25KB

MD5
e9288ad4996a756406bf5d71ecf86454

SHA1
83f8c657655c54b1a89cdddec136a0adebb10638

SHA256
6e3a858b382a60fed8c949a3962b2ba55ef3b8bf954a8c7439554cd178f0bc86

SHA512
6cf46f85f1a70973d08f96fd0f33294c38fd20879c7e26f563c5726df3eb507a3f49ff82bb2a46e0d0aed44e5f6552c56389835afb6632ef8cbf1175cca4d1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
28KB

MD5
0a327ee086a818d7d54af36baced0f6c

SHA1
74615f49b359a3a4c944c643f4bc7755c2177dfb

SHA256
c1a02eff7911883e25c8702d5f7f4cfc06a75cabe3f6572246a10128f5635962

SHA512
54a95383befb800138981dffc9cfd736242372f91dc26c1054238337d65d5d88bc39e2baa40f62db9a08e9d8b29a9d6efd319aa7f739addd5d4cdb55f2662f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
85KB

MD5
eaffb651761d72103d2db89b0450d836

SHA1
c9741b1fb4e120f3fb623c2802165017f2f9d5d5

SHA256
66c406456e550f148bfc404acee66ffa720233343a82a716a7b1109215fff20b

SHA512
732eee3f9d338e80c99064994fe61eed38d661bc3188f9ad14c24fb3c7e97182ca53e05a2cbd5e5c8daba7f793736ecfe0d0ac90c8d1a25bc69eb0b79034df4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
94KB

MD5
00d0c47809c5d4f4582ff03c2a010b4c

SHA1
9b3d3c942b5352077abfb99c7d4c9e5c2fad7868

SHA256
6f2e421099bcbcdfd660d1d7d93c42a55fcf7fc3d1c30f61f54d8c1cf0d0f4e1

SHA512
8398aef56fe7d299e671363785245ea1497d6bf9daa9e11e68d41cedff47c10bb299bb3faab28b70f1b1ec4e593b2ab08629281d3e5e269dd3e4d57e47361302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
36KB

MD5
1520b83a25b02ac8ad7b8063543250b6

SHA1
701ff60e0c854226352b88ec551971afcb0bc95c

SHA256
2c3e3860c11ac9e5b7779f9c0edeb4f4384c0d09471817a689426aa02140f0a2

SHA512
590b88a4042a12b107f909ca0696b623b6948a682dae65a9b0cde11a5a8fd8da1ddd8eda9dc5562259f7cc54071c52bcecd11db0fd08b997bfc8c581376e0fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
31KB

MD5
19f96c8449746bbda44bb4d71b9466c7

SHA1
4b8de6fff474cd0ef98e80175eb0964623efad60

SHA256
cef5ba8ceb1cf5584b3ab7c6b378cb05d96665d6e5f441006aef77292d3e6d6d

SHA512
bd8d01f36b0565d459432add7e6b05c3bdebac67dae3bd39efbb2731fac659a6aa9807cdc01d5e7a1e729107faa9d165756a5fa8666a9363439af6526f27f872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
33KB

MD5
c0a4d9b180cd2276de6895d5db59a173

SHA1
4e5b13ca7d0f84a688b7aa983b19002895d76a78

SHA256
1a5476cb00cf3d8cfe2f4ba85a3d3dbfc6ab72c86be5cc29fd8b9d9cddeadaeb

SHA512
c32726affc9c1865f15061269c591983538270f8f28b0fa0315027abe14c570cc8a416f6a8f461235f02f43d5176e3321e096694de7ad3aa4e2333e9881f8bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
58KB

MD5
5cee91b3477d18e3241e8e964f2d00ee

SHA1
00e6cf18d2cf6ba9415b0ed2c3d2c14670203674

SHA256
ff36315627cd631c44ce747d353c9a2b4f58dac2751aaa1d1588669ddfd3b1a1

SHA512
eb04f2882179f8df76b74f92a97393ee4e85c0e23075745c9db8c123f0385052b8670cafa3be844b46db3dd4724e63ddc4fdc86f932a5a0e69bf1cca0fd058b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\034601b69374d251_0

Filesize
397KB

MD5
91880d23c18b32c90afdc213b58c7cf5

SHA1
cf1637acc202465fffe6c8f979bd308445b22fd3

SHA256
61eb30fc8996ad5c8e237e39d8c41ca068aa80649c48e6f3e2b251fbc8562fed

SHA512
d3144c6d2267ab8fed0a0ed0d420ed46dbda2c04cb2d61e8bc48c5cfaf77f479498f66ebc6f74e88e0bcfdaf89c458514a0e14b3b847108b3a7a0e009a72d71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\202b42ff8a76f338_0

Filesize
72KB

MD5
7b7092dcb75a217fb47ee1fb2ba439f9

SHA1
d6966b90e49d90525b9337884d8e30c0a8124421

SHA256
9207ccfbad4ac533635c009925673bce988e0a6104b0f835ea3fac9d2869c571

SHA512
421e268feab58bc33f920d9fd7c4bb0578aa37764ee0ca465525cac8f651ba5fcea1c84c0e672aa50f8d0ca45a89e333966103a4f9302d2f5a83a51125371759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3747f1d27f75da0e_0

Filesize
387KB

MD5
07ff6b379adb087df329971c938c7ce5

SHA1
4de7c8cf78f6096cf62c46ca5be8616571d4074f

SHA256
dec1aa9bac6fa030e1573ef8dbc1c06250d782b5f78f09813b54e2bc79f49004

SHA512
0867de923ea6d2c30216e8014d0f5fd7e150e148dedd7b2def2c5eb38787d956b26e6e5318fc2e28cabbd1edd8a8be5a642febf62b8ba54942ad540a1f56afb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c40689ecf0fa7f7_0

Filesize
340B

MD5
246c42312365967f673ca575395b9621

SHA1
763e2eca7a0f79c21021e5f8a5167ef55ea7d0db

SHA256
835ef5eb0080164746e5b9d25534104a8a68f02bfd5271e619ba5a294f529197

SHA512
3fe1827d14431ca36ade033fc6f9fdc08e35118c329d11b0ec420dd01f1f6a91eda9fb5885274c0af97087c12018486ac8ad534f59af38c34c7e66f77eef617f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f643db50b33ddc9_0

Filesize
295KB

MD5
1b439b99c2264c97c59e7d68e1deff06

SHA1
e91dc487e3a74dc38365222a35791ebeda9fff08

SHA256
19057aa656a5b937b700bcf67e5d83245c943bfefbf0390d4684ca7c7820a62e

SHA512
295528b96711f6b50b6935b92909110b3335a82612dbbf669ea3fb71f82a8d4040663719ba3f83c6b7b6bc92c9bfdedc25bdc5dcf63685a08e0ecbc6bb3ac02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fc9361b63c077d0_0

Filesize
5KB

MD5
aeace529a3dfc5a6c47a8d5146d1c44c

SHA1
98c9f6fe801f944e41b43c24a17acc723e081fd1

SHA256
39817dce0fc7449ec82061847f93cc9cb2eeee1cf65619194ccf6b353d61e6f1

SHA512
4718c8e9ebae348c99b0b748f0b8f5ee8d5d034d5b9dbbab13300d7ba850b7eee709003c82442652219bbef37248925b83d3934e05481ef36aee18a3b2ea0365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52286b827bc8f59b_0

Filesize
255B

MD5
40eb0d7a9fa1933d60d6caba06da5c5c

SHA1
95e97b18a2d0ac252d25de5df6f53d3a524a0f62

SHA256
35cf9cbf27f5f7980ebfe322d9787e42f49626527b7f33ce489d352f24175924

SHA512
26fb5c66d94be8da5b144f42ba56185c29d0a56103adf64114acccf2a7355c781c105328805dfe9bf7ce46a17b6b26fade706765d9ce3459966c582b7f952425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5265415443741e98_0

Filesize
263B

MD5
e1a4fa3613db1e059c87657c24ebfa0a

SHA1
e3f904ca91932fa91caedecde35d4ebc5f41eed9

SHA256
1a2c7f4710bd84c41b90ae153a05f8ae1f627d2cec39ec40287cfd434d408cb4

SHA512
2936bb71f065b0221c6c416500f20d99cb24581bc799ad310d2d4e7efdf7a4b1f497d5b14b60c6261706d801bdfc974c476a6b66f1c8550ea4efcf39e9604219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c5bce7e97afc2e_0

Filesize
18KB

MD5
5ed2c374bb830ca78dfdb6b14ce30c12

SHA1
a71f1d6d5837af90a1258f57a2f232d2f368d3df

SHA256
f20250b14a0ea2445f9bbeb3843f957500dbb4b3dffd1cc9b840ae1a8666d403

SHA512
34c6fcc680db0fa60e5a1b73dae471c91a57e566035895079e0e1b779e9c07a1c832b563dceb6ba2f818581e2badc9063c2d1abfee8db70b049bf00a104c9edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a75e188c5bf6645_0

Filesize
335KB

MD5
9370fd7a8a217b869ced0fc358f397f6

SHA1
7910ed0dce6db23fdd09d459febed30089cc1cfe

SHA256
3de3221891535129f74fad7f76e363a67c1c8fbebbd184375e4e75079bf01103

SHA512
0c9fbe2624db10736e2191cb75ab941c71cf76af181a57a2ed9b96a03ef93b296d038cca4d79a9dcdb6a9e6bf6818933a1507cb5b73d3d030ee58792bc12c059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\750c27a88d441f7c_0

Filesize
310B

MD5
a368e07d2ac99688d1eb8e2cd7aa6569

SHA1
38fe04188004aef60cb1eb54acd18bedafc49b47

SHA256
8d0a8772386ab2b779e0b55a8ea5f9a0e8dd562c930aa398b11dbc04635dde65

SHA512
74b78f302fcfac8abae3443358353bba5e533a657ae09366fd0008cb349f0d38ad9f9e65969ce1a98089079a0e0fa8708e5c1f46894019c9f851e5ba19f27548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
5b5f0444bb73e4f4fe3ecec2e959c578

SHA1
c2ab003c11cdd93dfc51240064040aea9fceac7d

SHA256
db046495bd9de81ede6af0983f4c2783ce01545ded8215d3a09922dafb924530

SHA512
051cfaed6ceb5b4f6a83a4111fadec8406348f7d1a3e6151d69d0da67bfc04583857de574abde354f4bb9b137170d14a591ba584898a9562bfe3988b13cf5741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
300379dc47b616c9fcb3938ea2f0b98c

SHA1
0ff4384cb082d1d0fc1d2433157bc86d1a098873

SHA256
7a1fb9fdc68e33e0520ee8d4a1d4cb75b38ed564fcb578d7e6eafd4e97611528

SHA512
3387c833300f7d4089d2d9e0ebba74fdc93bc9a3536b2fb2a0be74df278b8a1c14dc69173f451cef1df0d1c7ceb6231b03458115d6b4712dea8720a4ca43940c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
7babca369d6fc521c634650c6b0fb2bf

SHA1
457056e338648f5403a2a1f2a078aacee3aaa0a8

SHA256
721f9ea81f766ac60a50f1f9b22bfad9b3b9a1abd3e252ea6bf828981e8a31a9

SHA512
7a9ffe01d5b30ee97b1afc64d2d68db879ea75a838d6ddeda50f624f2e40bf5873f481a6b15cf6f5f5c010d1570c6585757f6e51ddcc5140517efa04f5f07c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
368d8dd3001dcc5f3ca59a161950ef15

SHA1
eabbdb3ac89328966afd3698f9e366e2849a69dc

SHA256
78f4da82bb175f958668642dba75b14d4c8fabfce7017f54fe658935c4d7628c

SHA512
ed9a59cfd9bd92b9ee9cf21a4c5c6895146a424595e0db9a54f2edbf2d2b4f1aeb4447c10fd1a1394cf9585da105fa125073fb361454cd51daa7f6c10d1f5dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b8884451e3b851b_0

Filesize
351B

MD5
661dd45b23c668c849ab6ea3795c4e4a

SHA1
ac9a4f390f9a068701f6139e34a15afdb917186e

SHA256
aa43f527a6e1189b15c726e7218d5c7cd3eb1ff68c0187c46757cc38f0173b58

SHA512
b0c349581fe12bb5dd0b2f383617c4fcb838f616057a91d4490f2242f9f541f594f719f7f40dcb6555a12149193153f5506e8c5f123fb41f3514ff178056bd1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\907b00371a7c8f01_0

Filesize
208KB

MD5
dbd22ca48756b2457067e8e0b668146b

SHA1
23eb38f63b146b3b9a9ca31d7ae7ad3f5e44973e

SHA256
3163e04937625670f1b009b2e435001b3e75d198f834168dd7d4f4cb5b2c3c86

SHA512
711cb0635ef3483a57f33c2f28d20709c412d74c25a975bd656950436a58234dd75f21df0c40318563d05eff5fa967a6312750f5a1d74463a112a538b6be5ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9b429550a76801f_0

Filesize
333KB

MD5
14d84c1ef7eb5fd2410623a7b56f53ae

SHA1
99070e81d03f1fbdbfcc02cd51e842676cf56fe7

SHA256
ed9a1e804c77039e29b63b5728ac429e6a1d5087e73b0716d95d4bdfbb9672fa

SHA512
51295a65ea73330235bd5cb7cc9c4f0202ce732fb9fd56ce2e65f80905f46d6ee97a86620ddd6eada3034aa4a9494b0d6f8d6da209c81236ce3956bde5ac987a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adbfcbb79a0a1c93_0

Filesize
397KB

MD5
7bdbe7410d16017e3920549bfec9a57c

SHA1
4ff363da0587fb34c6d28a161d65cdbcba1bad94

SHA256
5132390f82bc76bd5739f7de8da63a53aa0cf4b4912a575394ce4a8242f1d990

SHA512
e0328560846a90c01012e20d942673c430d3c1565f090a36848ce523c0d84122a6d9b68d63c80b58080cffceec755de437493e49f65e82e9f889f2befa305647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b901c195b2fa11b9_0

Filesize
78KB

MD5
9ca7bc9da9855f08e32d7aa9d5d71f57

SHA1
7ca7600343909e11531d13b284eded2700c00e85

SHA256
b6f993c49200d5aed15770e49873603b1ef2fb7b47b1854968762a4957c9fa48

SHA512
21457ef49391cfffaa2d773efb755e5e1301fa79efd1826a4eac6532182b0beccc3cf41f3f43f15cfd92b0baccff6c9d82ae5f2cb83205138cff605b4240dde2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1e0b9ba2630386d_0

Filesize
317KB

MD5
5ebb0e2b0bc3ef1683415f2a4ec58221

SHA1
c8b524d4154a6a3b81b1d4b677e3ea39bf90254d

SHA256
d41583f47c2644e65d5cd43c468b661103f67e8bbefb6142dd97833507253d4a

SHA512
41601891c3b391640926590490518b386dbcd53e05f4f8ddc25d2128dcbb5e3d75952ae224e4c521d0627778ebd8d603b029378ba382df812c107449832f9309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e36b01d59ea3b868_0

Filesize
257B

MD5
db8f1fd84873a96cf136d10c72a034c8

SHA1
2617532688777036a100a8df1456897942e69a8b

SHA256
d0f877b66317643c4395ccc83ef54bdea12e9683b5d7f709241183aa74ceb512

SHA512
9e67045dcb1d2ff7dc5f9d444ed7039749a7b21d45b5a5562ef37aa1cee0082905c9a394c06b741230e2ebf22951dc0709b620cf4775a2163e8b474e1947984e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e378d5aabaacdcac_0

Filesize
397KB

MD5
da47036840695e503f7a87db40724ef0

SHA1
53b7e23a6d49d6c5e9d2724c425069d07337eef6

SHA256
8b0a5ff016298a6c44334b64e3dffe616b449710dc6f91bafdf6b1e58470a811

SHA512
dd6ef01b9e0ca698d0aeb35f7f1f9b2a3d8f54fc90c60b86567750d89f9d564478b5b5f2d84803946b3f75c827ef0ba7ebfe3637b7246f56d5787c1c38b0e260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e7c0ce440feae4ff_0

Filesize
283B

MD5
be4b1c2829157794d9d74fc284bdcff3

SHA1
5965e9e6fb68c58c2bff68d1c2c168d280a419b3

SHA256
384e6a6c07bd4409802415f4c6572e41cdaf2cf346a55ec0c9c263773cfa337c

SHA512
a868c7c65f62cc4d193031742f41bb07f8b76e16af207ff93dfa4940055c47737976e1ef68bc5ce37bcc4d4b7d92da7717348d6eac4b3a11856110089d33773c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b57bf635c06948946669d5dd9715d9a7

SHA1
fbd28745ef2d2063b746b5499117eafe99c53383

SHA256
d624dc6e970e36eac7f2750470915b64790e0c9c0e0097b1937e729cef945988

SHA512
d8e4db67c300916cc8c2a222481569ad6e34595c6c7abf6b4cf095247dbb850b5be4e8e5f27851be214def1e926ceabb89ee9595d6c0b80533653e0110b435f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f3890ba8436d93546b0d4d74e111178a

SHA1
a77877621531abc3274c0754a41336bf950f127d

SHA256
2dc2b93a088766cebb557712f3c6cf6fe2bdb32c82b4d04367e919ced6b2117b

SHA512
a351e9eeea1bb616812f9d312725c56e305103e76b4fabd3ae686e6bb9e112bf227215779e6397fd58e69c5a053d487eb04268aa06d9ad3dde79a219e2e0ca76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
46eca44a377ff41aa0ea34b6be1cff5d

SHA1
f137e737a64093b971ffdc9383e4c25711ee95b5

SHA256
cb010f257e66b586554e3c149316f9d7c1f6bb4b3acb006f6775219748ea8206

SHA512
c5c529d5537605a7322667598d145a9a6d0108c3db7c277d5f5673a34dfa8e0da92877ff265301679218ca41465a0a3a627d375fe434c5a9ca53f77c933b3735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
ad89d5deebc9d00697d3443f65d1e766

SHA1
82768c13b9edc2a2456c25f677576c4513944c3a

SHA256
5b1f68c71f19f7bba7e4548f44277deca06a28b9f15e1f7e9af546c869df3205

SHA512
c6f1bd6d5f11b2afe755488138032c29fb2554b0f722ea8d5082b8338381f3cbc8f92c97a7c5ace27e311d985318ac1bcc5aaaa00d92d29f7cf1b0f790fb127d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
cb37862094df71298171761dcaa69eb0

SHA1
a716b058dfe82b48d59a560b1bd096a8a173724a

SHA256
c8f72c0476b7b1ce69bda9208d9a7d94329eff4d295ffb545579f17a1eb9f35f

SHA512
87284cf6cfbccac8450f1847013c072e70b65e095898551fd441f8c1e65e94a74a3ac21d9f4d4768e35c58f7155a0e129e55d284192d96a0649c0cf0e3e32edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
5eeb678ebf4d7fbd48e330643c80b53a

SHA1
dacd5aaabf1cc0703c9e975627537eaac0b69886

SHA256
9be1217fa6338a264a8263e5844d96b19bfea5e28798486da8ca6f5ff5fcea4e

SHA512
a0381daae41a2a5e4fdd5eeafa20e52f388ef4c2c5bfa2cabe67521e4a6fa019cc47de6863c8371be1912ac9cb9bc7cb1d2a4d1e84723252471f9a8256ed9fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b56078cbb1089aa0f4e62a7bb36c7203

SHA1
e577fc31d8b81d198ee3f2e7d906331070d8d6eb

SHA256
92d6aea1e6319a57f239e2f802c6b0d72cf10acb4f367be6c50eba2375d07bb8

SHA512
b467ef06920541b4eb8f99bbf03d537a476d561439175d6ffc31091104c97c5002fc8420f0e77134c534faf3ed98fc8eb4ebc7075f7e67f642eafa4c06dc792a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2ca0ea1102a47e845004eaf7a4539738

SHA1
a5362695b94e7df65cda6124f24191c4f1ffbb91

SHA256
e54b7636604bbe795bb9b7b172f2f8b631ccf8b069cbdd6d7c44b1b772d3fc28

SHA512
1b7bf2a7dbcd6ddbeea3919f261f0a3ed99b9c1d862f61bf90491ae38aa4195b69bdb6fb27d5e91d772a55ec867559bb30a194917ffdfe423c61ff240232a368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
cb585bdc9092f747b66f977eb760c24d

SHA1
98df4ff95fa0f9f61e83be9c9ebff80499a1e607

SHA256
d5a6fffd199da2d2a9fb39c54dffed7b048d439d2d65d7f5162f1a40bb75bbd9

SHA512
afbc47bfd31106361b8360659759575430ff9f6c65561dca02901e67813e251ca7ab559e5938b91059c5d7272aefa015f996520ecd939ea7ddad11a840136f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
3fcf7786bac39b00db1c4b8998100ef7

SHA1
ac23f60cf3f35ff8bd03b1d797dc76e8dfcc5c1f

SHA256
569cf28a9c4497a599dd32a5d7692318a113adc64d9ef2197042a68e8425ca7c

SHA512
603c0b422e8ca881afb6e3b743a309cd381b9d9f88f2f6fe954135467274b109bf8a7ccff4378a9e70578d4a7d408ef0e1f98d0c1ba70ebedfdfd85e13bc8330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
464af15338b45da7ec5c69254a964142

SHA1
aa82a18a56273934b50baf49fa464b1d4d6ad143

SHA256
de12e47c74bae807dce7d52625a41f0c796e667e846b0bd516fce99504ba9477

SHA512
1d87b6e5c93c804d3f5be1c9cd986af592cfeaa3f7258b7e074be9289f001c08c9d36ecc569179213529fff528d52251e439d508de7fbecc64e976fdcdf4e371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
020276379fe695701f159e900d9dcf23

SHA1
b5b59c082bbd115f2409760091dcc868c7ea1f65

SHA256
592d0e131540186c7d06ac3c91cb95096b04a029fb4c2ac17684750e514c3359

SHA512
ecd59e44ee069a1519b053525dc9b4190310f89128e126a6e3d3a1efb980b74975ab4203d409cc8deff1a58e5adab6e46100cff47dff3c5821e83fc912b67981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e280944e2480082aa88a2ce96734be30

SHA1
ffc972c31ee0417988662462d7121bccd7dde90e

SHA256
a7b91d5189a208dfed12e4a4441fbeefca1f6d86eee77eca4fa4b88de31c1b89

SHA512
08ac6d27ccf0b8a337fab8331641ed9844c549a64a7b2085b7dccb05026c2797580fc4009239fb822bf23d935d80db78edc25639c8f74e11eebaf724de3fe023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
e8602815965bf7705dc3a78547583d17

SHA1
434649a90170d88f4f8960bb5c2c9e135f7400b9

SHA256
a7c78c3b0880608b9f06fa965855634d0f98b9de32bdc145dd144fda6fa64e81

SHA512
fb2fc5791dfc10eb7ab9303a2631956e1adbb201b6c3a7ea8ea836a1a2c2196b772e75f37e9424c8a2850c7f189e7861cbce638a41287ba31513751a4400e7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
626d0eb4b0340d5618d2623565df1826

SHA1
ee233084e5126948809ff0da83afeb5366e42a47

SHA256
881c105ea18f5836b9d1ec0cea794651819b25fa15da6da925ede6eec261a580

SHA512
902c9ca3cfd8f52a8d65f09cd11b60fc7f463cf240cc716d7ba1463ac180b878b863804096aba607e3690e0e1344c9c8125e3f74a11464bc10fbd74be4401cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
dec2aa0088f291feceabf8739f1ca8b2

SHA1
81f4cc242e4ca64c9403db844f9f1cf1a10e7707

SHA256
776ee8a44e83e47e15b159343e2c7fcb4f51541497f32d5f2210256882fb8ca1

SHA512
5d600203f7715475ccdda0d4866d65a9e2544ed6e7ceee2a8dc374ee08c0b494aa8f8c7091d02f2dfeede933434b928806db92fd0c7989d5b0ee1559cdfe5077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
0988c8161cfcfd0c9677b686426f4816

SHA1
d0d042496199fb5c499798750d54b352bf26035e

SHA256
a98b8a1411ad4bd720493010ff90f4862b60118429049b80ca3d26cf33c1cb56

SHA512
6720dc9cf19d8136700f30efcbb19a42fc2932bc53e4c59c2aaabf4183087c9fcebc32db383262d24035e442a2b02b7a1408f6f171166b3a13548d4ebc188d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e2d9daadc3fa74c310d9240d2fb4dab6

SHA1
95d26ee8903f51e64fc2fc8ccadd98cd7f45d10c

SHA256
3a24e6178f6d5fbeb7886281a5a15ad686039c43e2f366966153d74f91f338a5

SHA512
d18936616ca0dafc803bd8c5f51078889bfe288d9b59e9967b0eb8d3adfc0f8134ea3f398d5cb2b72b03e31ea40f507f85c5f3441bcd66de266d310cbe30b278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
98c7a725fb644769d536606191cb6c8f

SHA1
5bcecdd9d80d0e210556d1024ce28faed5657af8

SHA256
c1f418a291ff583561505c09ca4029e360b7c022f4e3094ae0d63f25215ea373

SHA512
c6692748f5547de774f7b2e87ea3e9a8960ba91d61f8e500bd4cbef18cc2318066ce4f0089a0d61ab5aa2a704f31fbed3c9fbbdaf7510f8ee28b60bc4350a26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
0bbdd81fdf6795044520c6afc378ec0b

SHA1
14a07ae76b0388b849cb66a252948dc35d97be69

SHA256
a53fa1c992e9a98e52ce6035b6c6b4cffeea7fc6931f1ff28c1ea5229c77ec0e

SHA512
2730d4318c1ddb47a03c3925d891f41d760885542dc205015255003c4357f32e8cfee29a77322bbe83861c42de5d1e1772306c89f43312c4422c9e9d7923a6b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
538a1b98544c0c699f422147f8dbc1ca

SHA1
8ebe1266308be93c17d9b3ff915a707f2563dfcd

SHA256
ad26da51134fb07d086671bd9c6a6af0def8aeced3ae3692c06fe8d9b6c0c4ea

SHA512
ed4f9d1dbf000ae30f5cbc662071acbf78643b05bb6a1c3b608c8ad6df553accef358bd601541dba143d39413bf03b3dad06f1bab5f334cdd6599dd28a9ff25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
49a0cc8d87c3c517e0e7a8a23cf1ae1a

SHA1
39bdb0d8822766f2b756f1029bd7fd903f5eb3b2

SHA256
f34b483b1250a483f858e1505bceef007ba7cb24594c197a8b891c2ff82b48d0

SHA512
e230ab6df2aac7ccd95f9db94a667fbf11060821faacea5ee62575afae23f0204eaec10eb87f5e42e7b2c0eb9b8a65374ff9ece2fe3f80c9da8d70414079e11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
f37974a0e6f0b9a3e02c0512d5015fc2

SHA1
95cf85a429d0ba45ffd123a4cd051ec8d6427458

SHA256
735a40671b17bad83799a1d003f1da2060a0556867f93b2093e3d267bbf07a1b

SHA512
63346768950c229c56c69084228bd0de1ca9c779cb2dbb368c9539f3ecfe44d8d3aa306f98d4490d1bdde672ffcb898a754940902c393cb9dc2397927215f183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8020691e6b76c0a981914d1d8e9c3e22

SHA1
801e1111b45553c3cfdce400d30d5314c83d740a

SHA256
d193c24bf081c107174c35c03ed7a7ac8ed504152849178da0d5c06b171f8843

SHA512
ed829262b2a4f0089fe8303cae740b9efd7c39d20654b6fee61794f4e703700c31ba8f24774f07c840d6993fe55eb4a6cb4a0f24e516d54dd047a2979bde6019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1006B

MD5
1cfca7fddb8c81b6f5dd9a3c2dbc14e8

SHA1
6815bc9229e9e7c67745359c6efdfc474fd818c4

SHA256
483ea5fe0ab66bd52169018e33cdbdd590e84e08d476bfd8792a04ecca0abc4a

SHA512
ae0dbfc2e1bd3cce8bb12a92ccf879bf3796d774c218428f196ee0ccf6856cbcfa5c7f33e08a590560df2454c6d9185f440016a6d600690f7c9750fb735f4fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7b213e229cd83c345d3d9c8556659f87

SHA1
7581e12bf8e0bb44ac6eae440d2396eec00ede4d

SHA256
0c0b93cccbd300616388609d36bd7afa71f9d48f06dd20a871fa963c0c484a41

SHA512
a69a8ccd12a70a820bbbe8deac99014774b349898f61fb3b43e0064b886026aefc367bdda3f5e6abe36f1874fdf66e230ea85000ad09fea9be5e7b5577e5bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
556122a50555b064c591246a24ad95b8

SHA1
b7d2e72c2ac538f7ef5417bbf11e35de862d5edf

SHA256
d976b093d83d6664674b048ff96e8d21194db8321e6813af580fb6e9289548e3

SHA512
029e2a622eee20e3ec9c989095c9c503676186e52032f04f71deecc168458ab01878dcecb4a408e9185298778a7550942141edcb3ddc0d9d899ffc90a8f698d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
16d09e66478d248943c90148bf01fbca

SHA1
0e800aee6d9b92e347df8e661699258cb7ae8153

SHA256
474d75e3c64a1fbb66309f1eb04be4721940652458b61fca15e369775e138842

SHA512
1b091afa9939058dab6c5ccc589d0e16790f1f22aca2865bfd3700f37abdba9b7b1295d59920836b216e25b387c5dd3003587eee1d175a6337e79592c6050c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
23a537ad202bf0c67379ba310477f43b

SHA1
55227cc672beef03e61855ead7491038edba3cc1

SHA256
f50fa54fb151c42f2fb37443118d4733484a2138f427130a11b7af9fdc1ec92e

SHA512
18ce307b066c4a2a06f6cc719808cd6544c028d4afb5ffb4dc984ce3ec86b0574091db88cc56ce4deefd92e0df725542198bdd5a96dd9eec38fe61514054bdb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3d8c5c761c9e509148d01279e8c368a9

SHA1
ec7e956605bef7b5289b96cd777432cd66492ab4

SHA256
44c3d88e617aadd1d648bc0423b22729bea8f5835cd90f573e4a5ef27727b387

SHA512
d442163ad7b1c839ee96cb8946044e06a1593351faa51ee638d3ade2280cf48de6dd31cf7efbfa15f838328299a852614a2bf93bfce3a8f3bc62ce40391a9189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8da36db114838e1f2175f44ef92c10e9

SHA1
664e253669f8d23dc16604c2294b053e8dcbf6e2

SHA256
2118ef7af119bef43ec696c34b75c2486335c16ff7484cdf507c1de145862884

SHA512
f002b80a371b7200c90aadd10409f22c4cb3bc66be1be79dd6a14696d7316576c58635fe9105f6c83d74aec813c824080bdb557b3188516557a6e275ff7a4f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
97b2f4f8feaa1d6eb38b508c32e268c0

SHA1
0c5ea09b6af4caf9593cbc4878cce185474ef4e2

SHA256
026e547b7314d56e83404a6c443c57ee1a7177b746d50e124e7ff463917b7f80

SHA512
66e30e33adfac32e7755d518f7470cc8ca90e9c8140e82d612ea39bd5cf2d9422178bd9830a4c4a755c0c2526ee3b930e6cfdcab8a93f37ad0840b113e54ef6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d70d3074e9474d3a1d5c2e26e6309eee

SHA1
07e5f3171493b17e4a1d5570739310146489afde

SHA256
e0a3b9f1d2e025ff6098d9857414603ee8f64bf783633cba5c5b66fa07cdf4de

SHA512
3f0309366828bb9df54b5a93cf622eccf1f6ef8f8bd4ed5b185fece05ea0116436993db308368f6750c8aae10b1554b6bf3ff2b0bec97bbf0dc933f58d290610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e25a4bec06a8d3e6c4ee23e86ef08755

SHA1
2de1be0df0f310116d4ed7fead20cd6aec71badb

SHA256
f22d056c1a145d95388c41484b70d6effaeeb3ef4153075a6110bb9bffa8ebff

SHA512
316511498224d6c52299e9c0a2e2147c73fe928777742756d2f466221dee67c0e70824e5f74a475452ff60f54361be6c742e79187d4293258da5394b6f726afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fc422fd2cd617a5d2c531f684be8b553

SHA1
9b3e8f0381c40c8e975acd454ef5414d6999f312

SHA256
9c1e5e1338e008f363c997ea58ac10e00e875befabd0d8392c77ec4186799575

SHA512
bfd0402c4ccaccf72c247aeb9d14c70fb4b116f5bce9a1fbab038d86617b8d585aafe7ebec446aac993aa3ea7b574cd90ec0c406077d9f5ea0f299757584cfc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6594b000fe7b44a9af90d747ef1d349e

SHA1
16d9a7142772c70060fdcc33e0101204a9abb6bf

SHA256
06b87c927559d7b60d2a2e69d1e23a1101eebd4ba5676f17f0352bc62567cefb

SHA512
6f9685fad3c5f04488240626e4b31c9e1e967cf9024383e2fc0d65ca5de099f02f778d4cb2ec85fe9a5d53dcf1b0264deab376c7f79edf67af46b00bb3609896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15516672f09f334b2c114950c459896e

SHA1
93faadc3c57986acf08f83e0ff0fde9d51b747b2

SHA256
0a8820e96cda182f926ca0357530a0f5828c01a40c39f1bbce80ca6f984ee231

SHA512
44b5625b9ede3eb647f0601871bd6a86e48d677dab363e14c2a7d17f213a120c65211fbe401f9967b0a9e4221c545a5e8238d80b0c332a9183da05b446925f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a899a6c7d16fe48b0823f662b69b7a7

SHA1
4c4e50c8982257312d91707e9fd99a9659fa5d16

SHA256
0368b601d47fb5a05219befb042c2cd27b6e22ab88e981d0acf73a6833fdf200

SHA512
548c057cc361b711b5e187ead1fc49a1d38d4947c81ff3952f9dd05558eaea8c4791158b7fd5be7f94a2ec164b48e8848c870fd655018fc5ab07c49d52b1dcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da870a9318b6ecd891ec39329da10ecc

SHA1
7bae45efa026cfeb555072a36bbd9a8be12975a7

SHA256
828bad947043e2d52137dd45bed968df4b06816e13219000a9f28fd711d419ed

SHA512
ea6ed4b9480278bfe68b2005d6a473363864dbd46a618220fba671b90df69279ce5f862a77d0ce28c38e7a336b0d30dc7f5daaa0d35fee5b50132292be011adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e4494d434e427799859d13973ef54ac

SHA1
1c839a718ed46922cab0291fd338ba77d905bbf4

SHA256
1e98e1eef9e0d704e14ea41df71873830b9e0a42429fbe356e6030dbb49a0f44

SHA512
40d4446ba224791f1bcc58ab36a818a1d0815832e371f7888117f1307d3d61d2d5ac3dea519560aea462fbf91e38c75dc12d3030d52dfaee69d1a7a65fda2d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4f02882a62048b9ebf32ad9c71dbd1f8

SHA1
a2540610f1b2d1e5cc030180cb42a17afe4059ed

SHA256
4524d711425fa1ced1866cf3e96c73e6f7a34edb3b4e12d7f54cc7a6a58a0ed1

SHA512
51172a486a7383b2146583e93a426540f6f69ebd6aefa9d2ccb518b2a990e925bb29e2ac0788a80f9a641bfed02d49c22cc5ea299d3309b1e1766e1c21a78415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
235f8a5f002478ed8e0250a48a13c223

SHA1
0ea925043d040174fc1a058b194ec9446ec23272

SHA256
636dbbf39e84d4519e7bb25448d6902eab9309beba8d75cb7e4f6d9282c18773

SHA512
09ed543afaa36ff0b77967a75b3084069c30a7ffb05ef519073e67a991fe6bcf5151d516486c4e1d638e26734bceccd3d586fd0de50a6df21033e526a3fdaf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d7a1b489bd54c6d473fd6abe7a11c259

SHA1
c70626d05b24108ecbe0f115f770a6c54d8106e5

SHA256
5132828abaa874f01582e96f0996cd0a70ecd37ec57fc7a91a28efe8664c4b6f

SHA512
1f6cbe26a6fef40aab641aae6b9a0a9c260c22c93da9c0cd78bade7849c0dcf82b7c1dbee8a51771058931b7e9f9877379afe51655d3d51a0be5c08b7978dd40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2155ba311795763ad4d4ab08f28fd312

SHA1
caa8b04c9aef5ebbac7aba6a9222009743efc0b9

SHA256
e6055d6e70de749e4cfe5e00a9b2c4d938c911b8602c044d3b54ea02551405c1

SHA512
9deb517c7cdd11a683aa73a2723ff821435f6563de5025ae214ed7c1ef962eb5a4272e8e1907b112a3a5c5284c90448155d4d86b28e14f28442ac187ce3a87ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
943bcac943f451c7eeef2d7c4c8e7462

SHA1
86385d97a53df48b3cf20e016f6aaeeaa195c89b

SHA256
7b0cb76358bbfc60159efc64bbe23a16901bcf9924a01cbf6002d1cce356b983

SHA512
360bf0ac21b9713f39554841eb5491374114aeaf60969ba84b8a46cc5078472c776fdc8b323985c28cb4d7c9f4f48d47844653ac5cd22bc53db6b3d872be371f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6b66e942f981c27b66df0bb656c32e8d

SHA1
71241f2929dcbecd46957e8d49048254665d099e

SHA256
127e41aa29f6eb1eb2bb43185d18e6c54ab9196e15825feae3c5211cf18744a9

SHA512
d91538aa273175a1931cf150b957c75f3384ac826f589327d0a6a6431551fc90fb803471ab8ea562c5867628023e1069ee749ee20ffb36415016674b3aa253ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c911a63e17be42af61b37e0b77789b84

SHA1
32ba1bdfdf0e884d24370af24fb09a88ddbceb3e

SHA256
758272f82d85d12aabcca3f7df5c1f92881c36672ffb5ac13c26790f51b584e6

SHA512
8fb1761143d16c71cbae46caff47ac0ead39efa28ae1dd76f59ff9c232e9df55923f46e5e89b703a5175984b1fb9279146a8b0af11c70911ebce2a58944af532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46e9f3533b561c5755159dfe7ec98319

SHA1
5464514fabbdb5346d297c535915f6ba03c83587

SHA256
691c47ddb4ce85368e6ea6287167e38cbd73f6799f71e94f3484c03c34c752fc

SHA512
c3c89242064ab672df8eabf68e7120ac63cb06c42a889a6cd779b41b9abbf98fc3adacdc99e2a98ee0f80069c95fc98411054b30df2ddb53c284e8bb839ab226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b9ecf4681b9bd0e194d893d6b1f3edc1

SHA1
d668ac669992f19f50c5f849e844d35a15a9d3b6

SHA256
f15a10d5d56a6336223df81f256aa2bedfd3d4e52477fba123ca8810c92a0aea

SHA512
b146aff3f290817097682456dfb90ffede0cc0a23aa7ab1eb26a1aad66c98909f6a655901257f5206929dd491baa3b633fc584935b127eb4eb578f255d64cbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ab242b5d9ed9228440746bc28fcfca67

SHA1
48cd80162d8c41e34df9207c609e0dcfad7e06c0

SHA256
b15e8444c95bc2131df709b8575de1b1a451d74f75108f7d941993fb542102d5

SHA512
c95f7de36a30f9ba9eb6da0b659f899ae1c71f90af0a7c6505b39bfd9a69fd36161315378c69645f5c2329018f5ced5c75102b5fded72bea9f3aeb00fc449ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c94eccbc8c585f683effb036ae250035

SHA1
8e1977a949dd4e9c5842b8d6ed18f2f79360a97b

SHA256
678a9efbc99ad31c33d9c88fa19b5671b87e28e2e54a4c4088ad32b8ab66b1c6

SHA512
5a80658a481297c6653930dd2b5b4de9303e7d63055a1451dd321b82b7a2f4d87a9a7c6388f8677a94228fb20382c6df9fc8515a1e26058f46f123ff5d672b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e29b566c835cf5cbe859f1300cc82d3f

SHA1
64f53c16e8dcc5e3b547f5f639943c03b12dcc99

SHA256
084da2f19d4ee87ac9f21c2464499607967c30ead2494ef55ba0b1d0e9e89b33

SHA512
62dc165f3bd3c199dd18af46a89bdeb086f75cd74a41e29370af47a33fb40b3f6d7e7b6b0f4b7a6e99783732929452b57eea27d833fa0861f236da9d98bdb926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cb80ee1b45b3d788974ec8292e1aac8

SHA1
d4a27d0555c510ef57c411c2afcddb8a7a986ca8

SHA256
fb17ec2ff182f5110abf17910b2c393ec45202b722e2ec90795ce6ff65392ea3

SHA512
601d9b174777aa20f04e6c551a2e4d87061945bfcce75c40209bdfb9b93cbc16d893b0d22b6724c82cf4902f8acd925e93732777c3521fc457574f071ed5ae96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fb4b732918796963346bd07960b8a6ff

SHA1
8881819094af423f73ce63b03e04923c995b5c0c

SHA256
c4395cbc3f21f1493fa5fc2bbdf7ae1dd4fd8b3b7e0d036b9d61a64e19f5e74f

SHA512
b063d78e2a6cbc7dc90e545562f1813e51626e30641a01baefd7131581c1ed6cee1ac00cd9c365a1c5017819c74e648082cbf42397161b9b677db0d3b2e8f377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ef0c33b3c80514a61217f0fa71b5d41

SHA1
2680b6766c804db99a0f07fe03af137f0010ce0c

SHA256
4bf13cef2e6549cbc43e7b553756cbeee13f16fed08ac82369d9830b0996752e

SHA512
26830263d4bb7a9f73615fbe4fe9b6b997a36fc991e887e929b837cbbbb2078204c7f1c43ee94014bf20918103b58f47e877be4a57329106fdcb3c82b4f92f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a3105da6b42ab79a972ddf2f57e47ea7

SHA1
953a4a6dd4b85e3946c0848c0c20a75d77f6f7dd

SHA256
175cf6616748ac9a9425e0af6f562eaa95fbc3f2d29e866b4bb4f6e7586e040e

SHA512
76f0a676ea169fb1989186aac6488d4f20835e103171c2ea48942ccbe58e1c9a76589bad5709b3b4604658c37363b27e5d8768fc7d133a17d4c08f1915e14efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f0ec90e5e0917a26de57f07e3adc5d1f

SHA1
1358de87d739807e08a68fa8feb3b82ca4c8cf7c

SHA256
ad007e8d04b738bbbccfd242311176a51bca1819d28629dc4cfa0f6cc69928dd

SHA512
8d84709cea47dd1b04a9531a6f25d8efd222865c32dad535a4554c657bdc42b2af77a8a5f1b19c2fc6bce2a166079861a75535a5c6dbc3c603745e338041acb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c049cb163504e159b07a715a8ddf82de

SHA1
94a41cec960eddf8fbea25628c2f9a0d95bcf4ea

SHA256
d121deecb39c4a5785a9863c4e9102dd251c36340e5d427531b370b122dcaf53

SHA512
a6b2f6d0e1a2873c0ea4770462d16d4369b9caaa6db35cd6cc8e0483fd786b737328148dcf8b9f9440a4cfc79c7040b7cd2876b55dcaeb1edb9ecd09e727c383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03809b8401fd56fbb7d33384895bdf80

SHA1
3136851cff57688dbf2bdbebd73c35dc749fe4a9

SHA256
2d94711ed567ea471d64521655e65ac9b20955aec9951e26db7fe4bc1b02282e

SHA512
d5da9159cfb1ab350d695a2e0168bbe85a5b422e02af2a732278b3241780afc8b9ce8b824929e3a92f73d52921e56fe5698419828baafa00c8e512db39844c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ad8b3fde48cf8fb1a3696eaf169b163

SHA1
8b86b15bb98d62d842ce5c50dddc23b23c2d99ab

SHA256
fb8a142644c36be6bf966f0973ed5f036f950b3aa80e1f4c2150b354700534a6

SHA512
dd512345352f40a01a4d4e6e100744fa4dc31a8455cc82e1dcd006ba39994c4d4ad161628814387d25796667bdb6f3a27c185b7720621b13d03e1ce124d55842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e82086feabc66f794e6159dde1e7a5a

SHA1
912c1a0e6888e3580670dbac16c552d94324c1b2

SHA256
8b4ab939514eb87ffa89f0b813a7268a0960da58bee8da071379993ae7ff98d7

SHA512
45115e8ef9d3c4ac1ad9ceaf8a59a22be23444b57cde40a6165dfcc0443864c1129f153ff40fc31aee4f7a35b227b70ca597e41069785398c1560a678f7928c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b16cb9a831c879e9b2ae864398035be2

SHA1
b92dadc6a4815ce6c209009f24b76830ea5445e9

SHA256
f2ddaf025fc19cfd173a94d58185dbe678b5c9043dd242d221c0f80a94b4aa5d

SHA512
ae3c0a6b53f20551ddeec1437027b5859079cae8a8330ad182fe2444ef65d54609c0af1f00e300b93bba9d578d9a20de3c6dd27a47d9878424135634eb54e8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ee8c5856a43b43f7f1bb9ddd318dca4

SHA1
e9bedbab46b73ba7927fe15e8869f998e2e47b9a

SHA256
93694098d1c33813ec481ea67b25b008c682f76945c232f9713ea389616b7d22

SHA512
f8e21bcf8410f4017a9167d957affbfce3fb8f659f356347d53a0bfb8f37a32ec97ce691978af261980ee8a07321bd4e71f2eff34af2d4f9b9ce30159620e4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fd68acb9533bcfdfc22e8f745a18a3ba

SHA1
70833496082c2bf475e07f16f0a921062610940f

SHA256
ef3f0de0ebca24cfb3e9f46db61fd977d289ff18b135830cec17eeb89fae192b

SHA512
d02a8de6d039a7e3cb4521e8bf4750b3536a888fd1c12af6aa47b363cd3a9e0d777199cf7e17c231ca9cd9c921bd90e41f9aad912b0f1dca0c8dff088413a965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a55d1f738fec2d73a82868abb54816a9

SHA1
1e3eac3a0629ba1457d3be29918738ab9d2884b0

SHA256
3e8f75402324b31a9dad98db9132995c985659b3d22f51a5c89e1611fa9a9ff7

SHA512
85fd5b460d0e0b824b1f24bafed6577b3f710d99591aea8da0b3e6f474ed4bc3bf64acbe9f765a21ff42549530f77d510977efa608aeedc2c614ea3df70ee6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ec6f09fedea522c795317a498ff1eef0

SHA1
2d76c345336a7562e4bbb13deacc5254e936bc14

SHA256
33f5abf6b5f87da529bf4f52c93c0285856ceefea4a52b10458c6e820f922651

SHA512
facbf9a8130dda4412040a9cb975c60289656192bc673be7caf06e78342d800ae593edd497721df7ba6ff62adfe4fb14a8936978fc6334a71a9cf485e249d0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5e3e85098bbe45ed11fe5ceaa1318941

SHA1
8afa06f7be130f7607fda94c1d91760db777a4d0

SHA256
259f1cd0ba492487cea78e93caea6a081aeb2cf7cd8d90d204c76cb7ce3e58d3

SHA512
10b278a0dd8759635d4c5a04b6eab96c9fd56a043592ffcf21b5af60cb562b35e0546da2b4051d2129c7a860384416fa88f66166f7328856e5dfb0a0005bf167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c69c44f296d98fcd7d4baa4d7009474a

SHA1
78cea495f1a4945a8f1770ea37eaea596b392b44

SHA256
a3fe7e5c34e5629b62abd3b78db726788be6782d84791284177269be6b5b75a6

SHA512
beb5527eccd2eedfbd47a8bf2ee5ca451b80e2cbb0c0834a2e300c0ca2d36a64654df19f7076530a55bed7ac2697e026ac41bd36b92f1ca5d767a054abafe163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf6a6d1ec75f95089d88677abeed44e9

SHA1
fa9d5eae587a23509230a82179ac9714eddda138

SHA256
2cd8b5550efd91c394b1b1d881ae68719fa08a1195e3bf12f7ddda9f56addd49

SHA512
6ed42010d235323a92225b344bbcf9cb28999eb32b105237410467934aeac6f0c9c4c590bd7c354bc74b692a495c1580c254b85596c3aac9860ea3d54838cd05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aac11875912f2e23756ea9268628a67a

SHA1
59a9f28c0bf523911d864b278b4051d0d645ee63

SHA256
50de3b967715b057e095e9c25c908544614e110abec66a1802d061e5cc626c77

SHA512
a3b9fb6cedfc7b0ff917042008ed67b709a7fe29b7d10ebccbd83188fa4e575dfd095a11134e34d64aa97a40ea1665feac85a7f1c6492ca27fecc2924adbd024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2fab8d04fc54d5fdf7c31dee94605a2

SHA1
9f792eaf75aa30b8859e77355cb3714ef037972e

SHA256
15651c463b107716f164ce14e9508144c79a136ec2de3a2662612afcdd23e567

SHA512
0a4284cc993efff14e14d882cce89f7d1c2b9259e5970aeddf6e62641d9580da26bcc69565db3e24f0c0450f73c41e112be0084cb8a4bc45c227de5ca426226b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a7a2d0971b80278237c3902e222362e

SHA1
ab88031a88ea2784cdcf0dd97f38c4b94def4810

SHA256
5eb830527b2332ab21922b2f3506493068e49bc07b4e412870a90cd477fe3626

SHA512
366bcf9a7e9a29bf2539a9b154f5b03d1af6d687721925940cc33bb85cb557c71aab81352c62ad7b7ad15dd985c02d447657db5c6ff6cae85555d623b6ac10a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2dc03a0281861185a90119793b8fea2d

SHA1
f1a5b0d4c2c596f340d278bd25581239061fb068

SHA256
dfe6d09decf8df9c5b295c2ec561f3a6d928b3a65ca8f8d098beb19a106c6de4

SHA512
ef3b5c3460e48dc6652550a34df409295aa7fb2a703811c3590f381b11671e46af1eba33f9ebdd95b753dba609d4975ce82ef7ada19fb409ba295ffd8e70b8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7a54d6dfae242787103714c779706255

SHA1
6a62114735d1bf3c0e495241a75cbd1c2f5cc9b4

SHA256
69f871b657c92c0e4eabcf14b13ed3ef5081abb136543849efc8810be424038e

SHA512
855a95bb197ae616c749c0ddbe76cac75395bca28dd1a62fa01f7c38e3a89147ed97e9a2acfceb6f59884019a6a40ecb5668e64ae946e9fcf4973b5161a31bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5696b180f0fc1d442c3fb7b720c10509

SHA1
7ed57f575973da8220cec4aeac05c3cb6a0893bf

SHA256
ae61776df88a0c9fae478b37e5d45ba72744f6eebdd9ab21089caed976f05957

SHA512
30ec34e75488255f622b800698742011593709da4d8dc4c727b85ccb06f5476db823f67992345c13376f67b9bb064d66e0b3d9a184923ff8d746b8938882afd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
652fcc2fb99d6dc0288b5bd454271b14

SHA1
8ea2b2c331682f01abd3418030f1b5e23b39f69f

SHA256
389906e136b73e20b74a81e6de3f723b9e13ab28774f0b9d852ab742e4d3c882

SHA512
c80ef7ae9327000fe7d12456a08d7600381ed12897c49b1ebd2d26d63c01ea9b3feb071067118d284f0c5898d8b06536b7a82c13a6565a05dfe7d50ac35163c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0bba2d07d7885405e90036ff2f718e35

SHA1
4bd1646dca33196e739f5d40edf46ca31aaf8ef6

SHA256
a894cb2883a433ec3bf7db7555ecca1fc3e49a4e7c6513653aa04abcabf7de12

SHA512
d937292d16ab9d9e7a2c10fd4f5f21247564c91d5075014958e2986bb0686a32b6b7093f40cfaeb22ef8c26c8b225604c9da4a9bbb9f9df8574858d4f254cda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fd31ef3466d9ff8e053dc1a97f89c82b

SHA1
64919fcde5ca516ce8e72a18a8ac4d4fb904857e

SHA256
377ffbc56474366a9b9f7cedc650760e357cbd386d808902ad2e3ea655265b84

SHA512
ad3d1f1ed89d4ead4f7e703defb23db6d5afd57c694f6d3ebc7f274701deba42c91beadad5215de1e5e875171aa3d5d0494be92818ed6c740a678d969e53a111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
724278ab55cf9bfcba71826461d9d1db

SHA1
8f0bf2e52c7222787f6a0c227d48d4ce800ce23f

SHA256
f7037ddf63f1dea5b460fb590edcc449118a4dc768a8bad61a6c44c71a41ad36

SHA512
e2877bf9afa8151375159e6f2787a0965bdf5f2c5eb4f238c14514d23cce2ed666716c9a9d5d4b636469d5f0df12388031b4872c851be35ecfe006409cac243d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6566597b1aab03bda339690b89355d1

SHA1
3ca8acdeaa87bc1f82dc931e33ae8f633240fefe

SHA256
b9a296bf588fb15065beaef1ca087a53543f65e0bd2bba08f7f8b07bf8a7c96f

SHA512
93fcb13e269f94a12383430eadce425ca967666a13a344b1cbead8171bad45454a5e52829cd18061db4235ab629a7e4b78da5b67260ed2cd37c693ad5b00cb81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
85e2ade24ace60d8f1128c3df3ef5bc9

SHA1
53ac2858a1085eedd48110095e259eb64b8622e1

SHA256
d21144e42feac11a5438053212719ec2c070b89b024d7821ce8a72e2913d7a9f

SHA512
9af1d7403660d717f48603c718eb0335512fe57305b2ceadee48dc19b970295cf9475667228258fb0b56d69cfcdf119fe8b7665caeb21e4bbf6187e209ad2845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93ff7ec4e34032433776f8e56cd058db

SHA1
f5dfa1a59b0872218da72886d1c15fd2fdc1f8a5

SHA256
3f4c3bbffab9b86df408336f253f62ffd6e94937442616679b9ac93f39e72514

SHA512
d822e03c6a52706e7e4472637da279f5f354565fc97d30441f16199b3c557edf557480d98c173c6848f684259207f39f2f8bc2cf1b088d29a1391562d705c6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0fc49d518a641138ded57dd0f633c8ba

SHA1
a4250a3339e0eaf670fa7e14e39f790a499647e5

SHA256
b5809316d28b310996e959d5c625e628cc904da62dfa03c2028ab0a04581eb44

SHA512
a03c4e0d595185380f524a375ce90da2286d638b778f7cd391a7bf365fd15cd7df2f7a561104a81cb3173eac5ccb964aad4d03b607310247a2042fc4735688af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b6e03ada911800b5481d077a2ee7920b

SHA1
574479b36b6674d9fa1d085f8c444669a4fa2a0d

SHA256
a3a76333764d7dc0fa7056304d06d8aacbd50f061bea9068876c63869b25ff0a

SHA512
6a2cfec31c17cd1733bfad679e4f73e6313585dbff1bace80f3456790fe6997c99d3ab2d9c9a0ad4d0ed740c2912459a8ce196101bce19ac10acea016d650dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5dcdf842e785a809d4d75d76424a915d

SHA1
e79308c3bd4dbc6ec63c9c0055c1830a337fd159

SHA256
5e15572f115131b59a6a4b5ac9338d4a2b1cd2e3503c369ccfbeb833dd49df76

SHA512
0435f13ce9b9ccc2806ce5ded5bc437263dd83db8f2fd7c5b28e80ff10636515f29287fbd32a4157b15b80ac97641b3513ce6c1a8c0630a6f76ee831d160dca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
54e128d4a9c1990485e31c348b74a687

SHA1
613add0d4f1c77f3dc0571b6e8b5c921e8e96bee

SHA256
ae1e5be4b79cc919402f2574d9d9e88178d09a6d1537519d985d0e149ed48fe7

SHA512
1981825b8963d2a1f9d292cbf0ee05da0f8ffb6bd54ba27a0fc10d374ff89e58f4a5925dbd3b8751b49413773be83982457121c1cdc817702e1504da2c689335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7deda0ca1f0a5e7d4cc225987a6a530a

SHA1
0957e80031b7a9d3204202f8d8397c148e5b0e81

SHA256
9d45c649d0bd97c8a293a5040d3814cc718c48f263888571443a6860ff85eeee

SHA512
26a2cc71e06e737ced31043316870b57ab4c1d9448db715dd90d3610a2ba81fc7462fa5329d84f755008e184c067fc72d0fbd7b148cab803250eb65eeb99dfd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2f8d3acbd81ea84ea17e67c72f8a7b10

SHA1
03416e399de69c95373808779eb0523d2002c711

SHA256
0c1ed6ac546671341dfcb38e1af2c33b27a21c8229287cdf2702365d772523c9

SHA512
46ed3864fea7bf9c39ce936fd97393dc7103b24741861d2155fe16b3b6cc317271d5a1b0b3a9ef40bc5ba8ba30bcc47636a205440d61af8ff173fa2118c78682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7dc30dbf61cf9d5961f00d298dec7a10

SHA1
7f6e3c8dd6288f9f29927b501cdab50b9bae4f0e

SHA256
70f6e1f55ea8c4efcd36468a405561d6145ca8b8213cb9b0227e03a02d037dbd

SHA512
49102e11d719d52f2d99cd3638a25b634f3c3e5d72d91a72d654ebcd0721569aa878f8d9ec05b8312f4aa5c5adcd217ca5dc337371339a04358fb22291f38596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61cbb31c0cff5a5350eb45d7e9315892

SHA1
b8dc11dbc124571dc3088e5624b17ecd57fae2f1

SHA256
3f4bd9ad5f5bab0ad74d8db65729b9ae40e2e12845184e78976ddd3f4916292b

SHA512
2f4c0d7e7840b905ebe6bd5f030b7b2d0fbbfc7b81163c8095318411e2593636bcc7b8ca749cfaec47b6d7e2a9215e6c9add37f18fbb2996a24413b464768b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3dde5d3e6fed67134066ac0055bb73fa

SHA1
6b54cd9e3b64c8709f75d1e02976c0c6c25d5366

SHA256
cde523f134a93c44b93578717b2d51f6628cabfc9c175f0cf8efc171b938c884

SHA512
09f4ef5acaf65f60b435b79dac0397bfe33c49225accdcf61e0cccec751d4b24345b97ad1645d2defddfb8be4b09e2d3c7a908cb6eb42fa438026f4d4cab572c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
627bdef1fcaa027656dc9b884481d44f

SHA1
2e71d9e168bfd630e2b9e29ee3a386c6efe31b71

SHA256
fd63f77534192a8181e73bef71a90bf89e545244bf7bf0e9fc8834f6d34ab710

SHA512
0f36c4095f74f9de7edb78fe2b5e689a3eedc4f06d2337b35fb1b81b7caa2d3ee67885c438d7fca2f42dfd83036ffca432807c1e90ed85310363687525210989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f90e4b8fd010b3bb6aecab88bb377150

SHA1
10dd977c3e0cdd43477109cedc68ae995c3d4c29

SHA256
c5b7003391702b702efdc09f515f0397a86facae047a28c0bfa1d73ee93177c8

SHA512
36c75a2c028abd7cfaf5bb58f6d20c8439a25138c6f1b9e9b49d42654aaa4d780cb7e33444d221bc14698f84ac257d35528608553f07f0877b0db85ab0d72575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe615bea.TMP

Filesize
1KB

MD5
6bb1eddbb6cabb75f61d466d414a7cf3

SHA1
619f40467133fc62644e8480707dbf9807332b7c

SHA256
3fbed692212b19e527c114fcec5adce63e5cf7a9497eb1e068a77cdc3f036a3d

SHA512
2f99d7916b01f86f9705523d15ba9b4d19826b833711db9282ae9842003eeb018e9948d5805e49271cefb623a3a360738c02830dc1ca4e6a13de3f6972342cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2f8761a8b65c380ab322772e37216767

SHA1
b380c708d077ef8100d8b1f2c9ebe4b38c52c737

SHA256
034ed84ab662790b0c701e040344decb11f44aabdf756f08153a92902afac381

SHA512
126325e7dc27a0701ee9c01656fd3fff84c8156aa1ff7e7c7a5789d39eb8c021c52ae367d3a4ddbc91b6f67dc155fdd7bce38b1a0f2a922b9e62cb4c95fae7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cd15af43b6a0341bef68158dd0204902

SHA1
7012a98a6dd8d2055eed3a32fe1c6a047f9e7653

SHA256
25be8996546acf50c91950ed7f097fdd90debfc4819daa7f6194aab2887d1b36

SHA512
4218cd774d3d4e7aac9c11365dc633da8596419d06e3ac52fe5967d22cb121af7d375f1fa54d787c899ba10dc4a2daf955d05740968f992d03aee2ff0887e4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1bd2ef7d5fda76b8c078a0a9155847c7

SHA1
b6348b9e46b66749be6eb15031011b6c6f8faa9d

SHA256
855c111d47c6833d023e58fe79192a17815138d22fbfdef2107eb95c2cf4dde1

SHA512
dde4a5437a294df5211b96f5302b2fc03d49322df4f0e3e61b638e9056bded262772f257115353111d9a7303f209e9a7978a6b9fb02928ea88ce730efcdbc0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6cbb81b742bacfcb94c0957820a30cfe

SHA1
9c1ac2eb3b5f3613dd5e204e1a3f776a6ead3944

SHA256
5a20057c33b662542ad4749e6d1455230f35da1444613ab01fbc6dda6569415d

SHA512
9a3c37b587006c3a57888dc42985755e54039cb5086656f01a93416783bcdc09cd5246811a158b867612ebed361e18ebd485bb047bf4ec882427b3417348f735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
677e4f6dd0d88b1fd882b76691eb00e1

SHA1
9445e23fe6e9819d01641bd4e60de179cd8b9b09

SHA256
4554a19d97979cbfe03be0ff6ebfcb56332ed4929549fcc7d2722ff0c84ea258

SHA512
9d478a87f239c4dbbf00579e53f75b5cd9293c12b5edab8325c043a10048ca967c2d14c5053ec27921ee3e3c3b9475b6f71278604f0bf53d7142af234a20f231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a6dfa100e11a8cda2624e9fbdbeb5aec

SHA1
b5320521c4d7fba0f446c1311567b3739ac3f1d6

SHA256
77e396e8dc81a3c6d81edfdb7eb08bb659ac86382873acd54feaa26f114e2f8d

SHA512
367592d1d3ba55523369ca6614e68b77f2a9579a6a58402877d7729bb43869f07e67fe11915ea0e9bc7fee55992665f72d2202a8c033447f03a13663e98a481b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
eb86720d6463639c50d01b574e8c0358

SHA1
fce2232098303dd48421d8b04bffdb951d1904d5

SHA256
554f18c2fec7b3ce44deedfd33d396e102176416178801c4547d414121c3515b

SHA512
674c3c3d54ee9258400d73a8c719b726e97c5918710dcaeba11e2b4d603d4903e0392102e3908ad888606322583134b4f1a9d411b33e894bd97bfc0e8ecf0def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
098cdc70a766d7aef3f8e6f3caa5b34d

SHA1
225b4fc7749bceb36497514327c17bca127c9940

SHA256
3a7ef278964d0a4a3f3a7759dc52d4afb5437520070cb49fb9bf3bde92ee2bdb

SHA512
44637ac9955e08af09201b9b42ef9a5a2f2ee5af2295bd25c7b2dbe0ee3cadf14e341f57b164cb435acbebb79b9cad55388757ebc1e66fe6ac5586864c737323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3715d2137c7db277ce8c78d2d1dde2f0

SHA1
e4678330e3e6ec3606b09e0204e9ba3290562de4

SHA256
223aa1a074ea8e8627d66c5a0aec7ad2bf864a20614aef7bc27d75a37f2fd64b

SHA512
fe250887d6814c66660e1fec17e5ac70e492182ee6e2ed4baf0c63f186f52232b55a773c574ec5510adefe38bb227f27f9dcb47717694f78c34ec8ad5b4f0857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
581ebea690d8ef5fd724aec30818a0bc

SHA1
a4f18ad1c468f1188244d5f4e15b1da0eddca04d

SHA256
ce9cad7e81470a70cc68dc904b0e79a00db9f01f2767f87b6587da934baf780c

SHA512
07bf06845d15cb41769ef605fb81e9fa6ba3709f5a2bec99dd9f9801edbc450fa59bcb8491e9f3a46d5258c89ebad5180d3dd401022af5434aae2064cf103754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
444cbf53758986385379c770c865fda6

SHA1
a5294207b03e693f3ed9498ee9b6374d50f9cacd

SHA256
e845a233dbc8711bf30ac669fcf90a1db5bd0ebc5abfab917f00627c3a3df5e8

SHA512
fe81136d614b8cb72861d82e3717ef0c25d9b3290db942c7433a083badb480f4b60b4e6d9f648fb769555e4671228bb27fe9b971fd029e79fa1c0b03287a03e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7a7fed50c82015948f0113d6256f4fbc

SHA1
5d838ed048d2a40aace42dcf81919b07e37fd42b

SHA256
f6c6f1d883ddd8b9f949343f38cdf472a6a6259f74d593b98be49c7f67503a4c

SHA512
6550b30b2e77265e0881c351bb40c197cb041ea9ce11ee942726b27298c05ef834df2478764cdcc6fe96a1bb4f9b9dff126818ecdb4bc32924e41eeb792671ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3b0187fa0fd043a3206ea4dc10edfa98

SHA1
2dda375222e37ea644ea7c0d74ed3f20d65262f9

SHA256
fa972bcd7c662d78a6ec4d4ea1b36a867c92b86ea177cdad7a686f210c0f0c4f

SHA512
ee9f7149f64a8081014b3c469cc2d7d778eaaa51a8441411af923441b2ce2642201eb1b609f075a87036a02f9befab1242a321653eceaf43d50e1eb954a58990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd95763eca5cf7bb8c020264737e2576

SHA1
8b014bcd5eebcdf320d69b6dfe51e27e9e1c2f4b

SHA256
05f93e93ef40afc74bc1ae1625f5d47d8b1b740f2b6556219632a685cd1d4acb

SHA512
388c56c93f1211015e23ce531562e8bc833e420282163eb3b502acff8198e8e357f2f1f523c8dc63397052af014031029be323f8958b665b7f0ea6c471da2f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
61055933132e1ac1ea11cf7ccf5f5733

SHA1
b4aafdaf43fa60329e8a584542f3d72c6a19363c

SHA256
304fbc6df5592be56822b30c2c89548f564ee2f1c4ee3072073bc7d6b4b36e89

SHA512
d16d8c3ba127f8d545a347b6391939916dd959d1dcd77b962f764edafd354c95a1b5200f7099d1805024524ca39de5eec249b059a1c7c7fc0d01fd16bcf228d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1f8ff775b4967fcf6cc340d43b2a0c68

SHA1
2be9f2463aea9ad89b9f7cbb8aac3a0f9f5ccc07

SHA256
531f79910df21f613d749ddb8640bf717559a5af7666784b0e52a41577f04ae2

SHA512
e12740045f6f6254f1499402d77ee6173bbbfc0b11289926bbdec47d0cb64803972551ef35dd97610bb714c07c80b6b1ac77c84cda55f0ffea28bf4f595d19af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a8c97a50eab2198b4dea82ebd32a1adc

SHA1
5f22ec7935bf7a9e042e76da0908684acc3ea30c

SHA256
30813199cfc35c44a0c623826216b6ea8ffadba03c7d7ea159cc051196777330

SHA512
f9fd6951a4d699884ba8ae38565d50c3d008719a53fd24f58644e6d5ee418032a2ccf39c261349a0e70093aa93f71ec1bd984b4d906134446f874bb6212560dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
27d66371d6a7df9ca4ca79070f27dee9

SHA1
c575faf2e65c9a12e70939a3346cff3a4edd2f6a

SHA256
17d8cd4f2cba81d2923a91b1f7cd4cdf6e6959267b7a144ad2b0e31d743408e5

SHA512
f1491f1d38d84974ef2aefd82522e77df0817737739e4025fd62e83bcb613a9bb3903db02b5a146504234f262e8e15b9220278487aac2a58c797c758f9df8e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
01b2bc5fd51321b950b6ece6064a43db

SHA1
12c95e16f471e334829831332d2413d194ad71bc

SHA256
a4c18ba23d8a45e40bdf98eca2cd3e3f8550d4095d94d7292dc2423f68262336

SHA512
c6a3bdd4c61e6f5673c4293c4aa8be16efc1f88699677ede78022f44ccf87b1ed4178b6d6239823f08817c1b97595e7ed7c207e586b50907ca0ae3538d558388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
836e368b0e70360293fa3b07bc75a518

SHA1
7f9152a126ffda6a049919c009389b4b52418f05

SHA256
c37a85568104d1afb91227e3fd101267c62741d2ee5ed47daeba64e2c84f6534

SHA512
d2389fdf4921f5fa4bc1e7e60e9c67450f3c0c093489f5b89363222c22aceffe759639ec9160aef41b7ca2077dc68eca44d1d352f1dd3cf806c2d7fff39e89a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2d83cf4293e31f4cdaa1f2315d84429b

SHA1
5d307c5232cfd6b5d134f9d288d1e93a038edc48

SHA256
bcb6f931460145e18c1f08ef376bb225e4d9599716b409b1593b8278ecfbca85

SHA512
8ce7516c3abe460d43ca7a5163e47ef110e65a5644adacbde5aa655294749b23b4a2987bb804d26d706a213da570126338a5aecda0abeafbc460773d3aa96486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d90b271ce7a94ed6ad5239a43b7417b9

SHA1
250bfe28098ada393c0c3800cca09db5feff0e09

SHA256
816fdc1e082abce86a9989c097d9125ceba36347826b9d3701b5ece0e4fa6659

SHA512
db017f1a0e30e308a52ea59476dc6083bd1e28c1f86366464d2969f2227094818246191ee884d9bc779c05df50afad71809d1327ab47d49d5df5e43a1590b537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
309e02bcee11add8b06e4420c5d17f6d

SHA1
b287cafdf7f9bb1720f608274ad269d39ff53ed5

SHA256
45cc2a380a6090a12f9845cca5c39cb506c0515f929ece596a335e8ea1961175

SHA512
befbd4a6a269a7916edc83d816dc622b2057abf24191b9f48ca2ac7dd2f450d815e7227b2c97af7294cbe37e76ac2e99fad5cb40894ed687a11bfe89f3a02b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6981c8e516b4469392a4d100462de729

SHA1
f9b99af98d5a03d1328deddbe35e563789c0ac72

SHA256
a53048ff1d31065db22e10377daad23063e0ccd94e16ad1494d073ededf95f52

SHA512
b5847cd6cfd8afc0e5cb232548d5d1884f4bb4383ca0e800dd95f6007619005845fc79d5d8d82fcf611da6b9c3b3aa3662a3df1f98fc663d4b9fa3d845e8d038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f38eec2f042eba98fd4f56d13f8f1569

SHA1
4171192bc2b9cf963a76591c18551e97bf4fe0cb

SHA256
e63741398fbd8d51e63ff9a987b7cff6f48df0f633640f7a1a41be951b41b17f

SHA512
4b958a560293a67418acde822cd8dab53605752a2e8ec0f71371e558df2fdd32df4c2d4c17e02e14cfe2ad7d5cc84ce450d7c9c0425f9ad36961a57287a671fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
13c7b1453899bd2b3e6ec500698199e7

SHA1
7efb84ca8f925b02c5e18e62ce3a35e0b8b79694

SHA256
f0f399af05286baea99a48715eff8806481fd1fea3cbc176ed36482efbe9f6d5

SHA512
1832a23ce7a4307e002d9f500b918cf2b7d6e1a4edea5a3692bfc98cb8233d0f591a4088cf55312a60e0febcfc07f08372bb2d29fcf04529e34042de67a2c22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7f526f10c824f0acf131a953f4b03f7d

SHA1
a4ef62e32da2623d898e2ac5ff4f71ded37d0cc5

SHA256
c353d230c7e9908823dbf366c54d32053be82c5e0001e5e7e7798488a9401455

SHA512
479e4a833ad91a30904d4291f34e75c1157352e064b5bdd94abb4a038572fad748405222929d2da4357e471766bb25050629fef5a4a8cb4e369af588dc0451eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d3409fb9fa4655c8c0b280fa7fbaff05

SHA1
15b488b370729ce749e4e8f6e3c9fa142da75441

SHA256
7e43b1112681b8dbaaef1377bc3ecde572b46184956cd2ea3698a575d2fb7775

SHA512
b1da610438421adfffb97d805e4c78e80436fa6d08fcd8236350cab7edd23d089f47da081c859ef86fd15b851bba38def92ac20ea6d78353226ec495ff9cad58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5d638d8469d3f58ca0527ea92ae5da4f

SHA1
ae8f480d3c19526f4db8c2b380c9570eb72ebac7

SHA256
45b9caf1db6e3c19f26e9f23b81918144cefecfc7d44b0162fe669074e0ae67c

SHA512
f8f5a13aaadd8e63b938692b902dbc36fa0768528daa7a76074c975479e07448f7d5f3a0e16a22b7ba6f8150b39c74e00163f67b2607512bc78a38921047d318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
43a7cff4d3ab91021f2949c8caf27cf0

SHA1
f8de17e50f769ad930088ce0c6cf305d4f878732

SHA256
36493f306cf7706f1d524bf941cabd37343823706d5120f914718849790e5835

SHA512
b25ff66c69255148c16f1c72109d6dba1292715cdbe1fc27b71b5d8db413f2a471fc15e50733430f8d675c67e583f52cde7b0e65e8e7fc7442505c517af1e5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aea3029098314d0dedb60fc4bba644c3

SHA1
4fbcdd9b4219fe4c2a50dcc824a593a4ee6628c0

SHA256
a598cb4f9ee58b056ca19f1b8c7e3a747083844c2b4623fa46c3a773fd92610a

SHA512
f34bbae6dfd503f2c5a3c9f3bd9ad949a38625a1e8decb4687f9696e997af0dc7bd8feef3984df4ee58b92cdd823adaad8c6b08b3735a724145e3ffc18951ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1ed4eae25ff56b3a68905f6f2ca3f4b1

SHA1
70578f9a6b23249bab8927a8aca527e13ffd0a14

SHA256
f1162a42dd87456ff3f29fec273db201973c9dc98aca32741d4369f6c1fcf96f

SHA512
eceaae866c2bdbbb5eec98a327b91588d01de17ce0517886c78de534ccd7fd8ac4c1f645753d4b311d7775d6a16c301ce1268e861552f2dd2664bc16b4dfc9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1183da47d547a7bcbc428fe9a55127a0

SHA1
8ba0b14cb808051a8ec24461d42fe2aa2921155b

SHA256
95029bc38f39f904d47fd2e0559f63d8fee7f2c3348559974463a275d467563f

SHA512
ec5bc7464b0b9b374fef14a926805a496292cd115009d59f656c20471a2620eb665583c9e28658d9cf8bedc3f3c96b306985b71911bef7bbae3d179758651036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b826801c0a7f0f7b1d008ad1b31e6293

SHA1
f7170617b25b1a610004bf0d0987f9a7c385ff2b

SHA256
7bd32d4d0a3568cf3a0ee14193e1f74901e5ee5e90b70cdf4656af12d18e664d

SHA512
d9540663666a651f6e7ac3bcca34bc0022d7b24b5f2b5cabaf96e33519fceffdd98008c79ff08407080c3bbdc9b642710105fb9d3d89707e987912f2512ee21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\x

Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\x

Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\z.zip

Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_5040_TEXMSEGKBNQCGADC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5180-966-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5180-973-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5180-972-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5180-970-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5180-971-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5180-967-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5180-974-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5180-968-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/5456-273-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-261-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-263-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-268-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-267-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-269-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-270-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-271-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-272-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5456-262-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download