Analysis
-
max time kernel
1106s -
max time network
1337s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
15-04-2024 18:26
Static task
static1
Errors
General
-
Target
RobloxPlayerLauncher.exe
-
Size
1.6MB
-
MD5
df3c89248671866cfb9e0a407fad20b4
-
SHA1
2258e20671e6aaba8ce75abb5bc5bca8c4df0035
-
SHA256
93580834e65af2f5a83aacef47a1ec3ef45fc6ab9683ec4df771bbea713ab38f
-
SHA512
f6658f2653aefebc573518773c97319d87d70cabeb182cd622a5722d4df0417df17318f4b25b7929ab03e982a072e914175971b96e205356c5c6a23a3fedaf01
-
SSDEEP
49152:NmAhTN2Q5MmBRS+qYNS2+3njUrG+TvamoGXtTOgM7PMQpdAUFTHrPHHoV5N:gAhTkyZBdM2+3njUmrPHA
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry 2 TTPs 7 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" setup.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components setup.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" setup.exe -
Sets file execution options in registry 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation RobloxPlayerLauncher.exe Key value queried \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation RobloxPlayerLauncher.exe -
Executes dropped EXE 40 IoCs
pid Process 1548 RobloxPlayerLauncher.exe 1676 RobloxPlayerLauncher.exe 5932 MicrosoftEdgeWebview2Setup.exe 5072 MicrosoftEdgeUpdate.exe 5400 MicrosoftEdgeUpdate.exe 1776 MicrosoftEdgeUpdate.exe 5224 MicrosoftEdgeUpdateComRegisterShell64.exe 6008 MicrosoftEdgeUpdateComRegisterShell64.exe 6140 MicrosoftEdgeUpdateComRegisterShell64.exe 5724 MicrosoftEdgeUpdate.exe 5756 MicrosoftEdgeUpdate.exe 2744 MicrosoftEdgeUpdate.exe 6036 MicrosoftEdgeUpdate.exe 624 MicrosoftEdge_X64_123.0.2420.97.exe 5396 setup.exe 4640 setup.exe 5692 MicrosoftEdgeUpdate.exe 448 MicrosoftEdgeUpdate.exe 2128 MicrosoftEdgeUpdate.exe 636 BGAUpdate.exe 2044 MicrosoftEdgeUpdate.exe 5672 MicrosoftEdgeUpdate.exe 664 MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe 736 MicrosoftEdgeUpdate.exe 552 MicrosoftEdgeUpdate.exe 4444 MicrosoftEdgeUpdate.exe 4848 MicrosoftEdgeUpdate.exe 3612 MicrosoftEdgeUpdateComRegisterShell64.exe 5168 MicrosoftEdgeUpdateComRegisterShell64.exe 1368 MicrosoftEdgeUpdateComRegisterShell64.exe 388 MicrosoftEdgeUpdate.exe 6332 MicrosoftEdgeUpdate.exe 7636 MicrosoftEdgeUpdate.exe 992 MicrosoftEdgeUpdate.exe 8600 MicrosoftEdge_X64_123.0.2420.97.exe 8896 setup.exe 8920 setup.exe 9172 setup.exe 9204 setup.exe 8844 MicrosoftEdgeUpdate.exe -
Loads dropped DLL 40 IoCs
pid Process 5072 MicrosoftEdgeUpdate.exe 5400 MicrosoftEdgeUpdate.exe 1776 MicrosoftEdgeUpdate.exe 5224 MicrosoftEdgeUpdateComRegisterShell64.exe 1776 MicrosoftEdgeUpdate.exe 6008 MicrosoftEdgeUpdateComRegisterShell64.exe 1776 MicrosoftEdgeUpdate.exe 6140 MicrosoftEdgeUpdateComRegisterShell64.exe 1776 MicrosoftEdgeUpdate.exe 5724 MicrosoftEdgeUpdate.exe 5756 MicrosoftEdgeUpdate.exe 2744 MicrosoftEdgeUpdate.exe 2744 MicrosoftEdgeUpdate.exe 5756 MicrosoftEdgeUpdate.exe 6036 MicrosoftEdgeUpdate.exe 5692 MicrosoftEdgeUpdate.exe 448 MicrosoftEdgeUpdate.exe 2128 MicrosoftEdgeUpdate.exe 2128 MicrosoftEdgeUpdate.exe 448 MicrosoftEdgeUpdate.exe 2044 MicrosoftEdgeUpdate.exe 5672 MicrosoftEdgeUpdate.exe 5672 MicrosoftEdgeUpdate.exe 736 MicrosoftEdgeUpdate.exe 552 MicrosoftEdgeUpdate.exe 4444 MicrosoftEdgeUpdate.exe 4848 MicrosoftEdgeUpdate.exe 3612 MicrosoftEdgeUpdateComRegisterShell64.exe 4848 MicrosoftEdgeUpdate.exe 5168 MicrosoftEdgeUpdateComRegisterShell64.exe 4848 MicrosoftEdgeUpdate.exe 1368 MicrosoftEdgeUpdateComRegisterShell64.exe 4848 MicrosoftEdgeUpdate.exe 388 MicrosoftEdgeUpdate.exe 6332 MicrosoftEdgeUpdate.exe 7636 MicrosoftEdgeUpdate.exe 7636 MicrosoftEdgeUpdate.exe 6332 MicrosoftEdgeUpdate.exe 992 MicrosoftEdgeUpdate.exe 8844 MicrosoftEdgeUpdate.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun 1 TTPs 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\PdfPreview\\PdfPreviewHandler.dll" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ setup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe\"" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_helper.exe" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32 setup.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=F7E3991D8B4748FCA2D05626EC028570" BGAUpdate.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerLauncher.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerLauncher.exe -
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ setup.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 205 camo.githubusercontent.com 206 raw.githubusercontent.com 207 raw.githubusercontent.com -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 [email protected] -
Checks system information in the registry 2 TTPs 30 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe -
Drops file in System32 directory 5 IoCs
description ioc Process File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk setup.exe File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DeveloperFramework\checkbox_unchecked_hover_light.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\LegacyRbxGui\configIcon.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Settings\Players\FriendIcon.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\MicLight\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerLight\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\ExternalSite\twitter.png RobloxPlayerLauncher.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\ja.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\FaceCaptureUI\Background.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DeveloperFramework\AssetPreview\more.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DefaultController\Thumbstick2.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\SpeakerNew\Unmuted0.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\graphic\Auth\vn_agebadge.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\PivotEditor\SelectedPivot.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\category\ic-top rated.png RobloxPlayerLauncher.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\kn.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TerrainTools\import_edit.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Slider.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\LegacyRbxGui\sandside.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\PlatformContent\pc\textures\foil\normaldetail.dds RobloxPlayerLauncher.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Locales\sl.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\button_zoom_hoverpressed_left.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\icon_warning_ik.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\icon_whitetriangle_up.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\TransparentWhiteImagePlaceholder.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\PlatformContent\pc\textures\sand\reflection.dds RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarImporter\button_avatarType_border.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ViewSelector\back_zh_cn.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Microsoft\Temp\EU27C7.tmp\MicrosoftEdgeUpdateOnDemand.exe MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EU27C7.tmp\msedgeupdateres_en.dll MicrosoftEdgeWebview2Setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.97\Locales\ko.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarImporter\icon_error.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\copy_2x.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Microsoft\Temp\EUF669.tmp\msedgeupdateres_lv.dll MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\GameSettings\Error.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\pending.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TerrainTools\locked.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Settings\Players\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\graphic\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarEditorImages\circle_blue.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\InGameMenu\TouchControls\d-pad.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Microsoft\Temp\EU27C7.tmp\msedgeupdateres_mt.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Microsoft\Temp\EUF669.tmp\msedgeupdateres_vi.dll MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\clb_robux_20.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PlayerList\Report.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Microsoft\Temp\EU27C7.tmp\msedgeupdateres_ro.dll MicrosoftEdgeWebview2Setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\ro.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\PlayStationController\PS4\ButtonTouchpad.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PlayerList\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\PlatformContent\pc\textures\cobblestone\normal.dds RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Microsoft\Temp\EU27C7.tmp\msedgeupdateres_el.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DeveloperInspector\Record.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\XboxController\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\dpadRight.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\ic-notification.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_4.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\[email protected] RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\Cursors\Gamepad\PointerOver.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DesignSystem\ButtonL1.png RobloxPlayerLauncher.exe File created C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\closeButtonPadded.png RobloxPlayerLauncher.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\sq.pak setup.exe -
Drops file in Windows directory 57 IoCs
description ioc Process File created C:\Windows\INF\digitalmediadevice.PNF mmc.exe File created C:\Windows\INF\c_fsreplication.PNF mmc.exe File created C:\Windows\INF\PerceptionSimulationSixDof.PNF mmc.exe File created C:\Windows\INF\c_cashdrawer.PNF mmc.exe File created C:\Windows\INF\c_receiptprinter.PNF mmc.exe File created C:\Windows\INF\c_fscompression.PNF mmc.exe File created C:\Windows\INF\c_fscontentscreener.PNF mmc.exe File created C:\Windows\INF\c_linedisplay.PNF mmc.exe File created C:\Windows\INF\c_fsquotamgmt.PNF mmc.exe File created C:\Windows\INF\c_netdriver.PNF mmc.exe File created C:\Windows\INF\c_fscopyprotection.PNF mmc.exe File created C:\Windows\INF\rawsilo.PNF mmc.exe File created C:\Windows\INF\dc1-controller.PNF mmc.exe File created C:\Windows\INF\c_diskdrive.PNF mmc.exe File created C:\Windows\INF\c_processor.PNF mmc.exe File created C:\Windows\INF\c_proximity.PNF mmc.exe File created C:\Windows\INF\c_scmvolume.PNF mmc.exe File created C:\Windows\INF\c_scmdisk.PNF mmc.exe File created C:\Windows\INF\c_fssecurityenhancer.PNF mmc.exe File created C:\Windows\INF\c_extension.PNF mmc.exe File created C:\Windows\INF\c_ucm.PNF mmc.exe File created C:\Windows\INF\c_fsundelete.PNF mmc.exe File created C:\Windows\INF\c_monitor.PNF mmc.exe File created C:\Windows\INF\c_smrvolume.PNF mmc.exe File created C:\Windows\INF\c_fshsm.PNF mmc.exe File created C:\Windows\INF\c_mcx.PNF mmc.exe File created C:\Windows\INF\c_fsencryption.PNF mmc.exe File created C:\Windows\INF\rdcameradriver.PNF mmc.exe File created C:\Windows\INF\c_fsvirtualization.PNF mmc.exe File created C:\Windows\INF\c_smrdisk.PNF mmc.exe File created C:\Windows\INF\c_fscontinuousbackup.PNF mmc.exe File created C:\Windows\INF\c_barcodescanner.PNF mmc.exe File created C:\Windows\INF\c_fscfsmetadataserver.PNF mmc.exe File created C:\Windows\INF\c_sslaccel.PNF mmc.exe File created C:\Windows\INF\c_fsinfrastructure.PNF mmc.exe File created C:\Windows\INF\c_firmware.PNF mmc.exe File created C:\Windows\INF\c_fsopenfilebackup.PNF mmc.exe File created C:\Windows\INF\c_magneticstripereader.PNF mmc.exe File created C:\Windows\INF\c_fssystemrecovery.PNF mmc.exe File created C:\Windows\INF\c_fssystem.PNF mmc.exe File created C:\Windows\INF\xusb22.PNF mmc.exe File created C:\Windows\INF\remoteposdrv.PNF mmc.exe File created C:\Windows\INF\c_display.PNF mmc.exe File created C:\Windows\INF\c_volume.PNF mmc.exe File created C:\Windows\INF\c_fsantivirus.PNF mmc.exe File created C:\Windows\INF\c_camera.PNF mmc.exe File created C:\Windows\INF\c_computeaccelerator.PNF mmc.exe File created C:\Windows\INF\c_media.PNF mmc.exe File created C:\Windows\INF\c_apo.PNF mmc.exe File created C:\Windows\INF\c_swcomponent.PNF mmc.exe File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF mmc.exe File created C:\Windows\INF\c_holographic.PNF mmc.exe File created C:\Windows\INF\oposdrv.PNF mmc.exe File created C:\Windows\INF\c_fsactivitymonitor.PNF mmc.exe File created C:\Windows\INF\wsdprint.PNF mmc.exe File created C:\Windows\INF\miradisp.PNF mmc.exe File created C:\Windows\INF\ts_generic.PNF mmc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 Taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A Taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
description ioc Process Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" setup.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox RobloxPlayerLauncher.exe Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player RobloxPlayerLauncher.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" RobloxPlayerLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" setup.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" RobloxPlayerLauncher.exe Set value (int) \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" RobloxPlayerLauncher.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" setup.exe Key created \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio RobloxPlayerLauncher.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\BHO" setup.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge setup.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute setup.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player RobloxPlayerLauncher.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" RobloxPlayerLauncher.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" setup.exe -
Modifies data under HKEY_USERS 64 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\ = "Microsoft Edge Update Broker Class Factory" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ELEVATION MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{69E11C9D-4974-41A2-B067-9F26953CF52A}\InprocHandler32 MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LOCALSERVER32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\ setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell\runas\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --do-not-de-elevate --single-argument %1" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\notification_click_helper.exe\"" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32 setup.exe Set value (str) \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\msedgeupdate.dll,-3000" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.97\\elevation_service.exe" setup.exe -
Runs regedit.exe 2 IoCs
pid Process 2808 regedit.exe 7892 regedit.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 9112 explorer.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 3836 msedge.exe 3836 msedge.exe 3604 msedge.exe 3604 msedge.exe 4456 identity_helper.exe 4456 identity_helper.exe 5308 msedge.exe 5308 msedge.exe 5072 MicrosoftEdgeUpdate.exe 5072 MicrosoftEdgeUpdate.exe 5904 msedge.exe 5904 msedge.exe 5072 MicrosoftEdgeUpdate.exe 5072 MicrosoftEdgeUpdate.exe 5072 MicrosoftEdgeUpdate.exe 5072 MicrosoftEdgeUpdate.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 1548 RobloxPlayerLauncher.exe 3124 msedge.exe 3124 msedge.exe 3124 msedge.exe 3124 msedge.exe -
Suspicious behavior: GetForegroundWindowSpam 7 IoCs
pid Process 6092 mmc.exe 3932 mmc.exe 5708 msedge.exe 5984 [email protected] 8656 mmc.exe 7376 mmc.exe 7016 Taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe -
Suspicious behavior: SetClipboardViewer 6 IoCs
pid Process 6092 mmc.exe 8656 mmc.exe 7376 mmc.exe 11752 mmc.exe 9652 mmc.exe 10944 mmc.exe -
Suspicious use of AdjustPrivilegeToken 50 IoCs
description pid Process Token: SeDebugPrivilege 5072 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 5072 MicrosoftEdgeUpdate.exe Token: 33 3932 mmc.exe Token: SeIncBasePriorityPrivilege 3932 mmc.exe Token: 33 3932 mmc.exe Token: SeIncBasePriorityPrivilege 3932 mmc.exe Token: 33 3932 mmc.exe Token: SeIncBasePriorityPrivilege 3932 mmc.exe Token: 33 3480 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 3480 AUDIODG.EXE Token: 33 6092 mmc.exe Token: SeIncBasePriorityPrivilege 6092 mmc.exe Token: 33 6092 mmc.exe Token: SeIncBasePriorityPrivilege 6092 mmc.exe Token: SeDebugPrivilege 448 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 5672 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 552 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 6332 MicrosoftEdgeUpdate.exe Token: 33 8656 mmc.exe Token: SeIncBasePriorityPrivilege 8656 mmc.exe Token: 33 8656 mmc.exe Token: SeIncBasePriorityPrivilege 8656 mmc.exe Token: 33 8656 mmc.exe Token: SeIncBasePriorityPrivilege 8656 mmc.exe Token: 33 8896 setup.exe Token: SeIncBasePriorityPrivilege 8896 setup.exe Token: SeShutdownPrivilege 9112 explorer.exe Token: SeCreatePagefilePrivilege 9112 explorer.exe Token: SeDebugPrivilege 7636 MicrosoftEdgeUpdate.exe Token: 33 7376 mmc.exe Token: SeIncBasePriorityPrivilege 7376 mmc.exe Token: 33 7376 mmc.exe Token: SeIncBasePriorityPrivilege 7376 mmc.exe Token: SeDebugPrivilege 7016 Taskmgr.exe Token: SeSystemProfilePrivilege 7016 Taskmgr.exe Token: SeCreateGlobalPrivilege 7016 Taskmgr.exe Token: 33 11752 mmc.exe Token: SeIncBasePriorityPrivilege 11752 mmc.exe Token: 33 11752 mmc.exe Token: SeIncBasePriorityPrivilege 11752 mmc.exe Token: 33 9652 mmc.exe Token: SeIncBasePriorityPrivilege 9652 mmc.exe Token: 33 9652 mmc.exe Token: SeIncBasePriorityPrivilege 9652 mmc.exe Token: 33 9652 mmc.exe Token: SeIncBasePriorityPrivilege 9652 mmc.exe Token: 33 10944 mmc.exe Token: SeIncBasePriorityPrivilege 10944 mmc.exe Token: 33 10944 mmc.exe Token: SeIncBasePriorityPrivilege 10944 mmc.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe 5708 msedge.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1584 wrote to memory of 2684 1584 RobloxPlayerLauncher.exe 89 PID 1584 wrote to memory of 2684 1584 RobloxPlayerLauncher.exe 89 PID 1584 wrote to memory of 2684 1584 RobloxPlayerLauncher.exe 89 PID 1584 wrote to memory of 1548 1584 RobloxPlayerLauncher.exe 95 PID 1584 wrote to memory of 1548 1584 RobloxPlayerLauncher.exe 95 PID 1584 wrote to memory of 1548 1584 RobloxPlayerLauncher.exe 95 PID 1548 wrote to memory of 1676 1548 RobloxPlayerLauncher.exe 96 PID 1548 wrote to memory of 1676 1548 RobloxPlayerLauncher.exe 96 PID 1548 wrote to memory of 1676 1548 RobloxPlayerLauncher.exe 96 PID 3604 wrote to memory of 1424 3604 msedge.exe 100 PID 3604 wrote to memory of 1424 3604 msedge.exe 100 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 1756 3604 msedge.exe 101 PID 3604 wrote to memory of 3836 3604 msedge.exe 102 PID 3604 wrote to memory of 3836 3604 msedge.exe 102 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 PID 3604 wrote to memory of 3956 3604 msedge.exe 103 -
System policy modification 1 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" setup.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"1⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:1584 -
C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exeC:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3b50cd7a1711a7bcc79000fcd87d819e29d4aca7 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x7b8,0x7bc,0x7c0,0x758,0x7c8,0xe7eff4,0xe7f004,0xe7f0142⤵PID:2684
-
-
C:\Users\Admin\AppData\Local\Temp\RBX-0332FA83\RobloxPlayerLauncher.exe"C:\Users\Admin\AppData\Local\Temp\RBX-0332FA83\RobloxPlayerLauncher.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1548 -
C:\Users\Admin\AppData\Local\Temp\RBX-0332FA83\RobloxPlayerLauncher.exeC:\Users\Admin\AppData\Local\Temp\RBX-0332FA83\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=30f9c8fbca8a2403452dc84f4c9fe2c1df095269 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5c4,0x5c8,0x5cc,0x5a4,0x5e4,0x1b9dcc8,0x1b9dcd8,0x1b9dce83⤵
- Executes dropped EXE
PID:1676
-
-
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5932 -
C:\Program Files (x86)\Microsoft\Temp\EU27C7.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU27C7.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5072 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5400
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1776 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:5224
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:6008
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:6140
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTU1Nzg3OUYtQkM1NS00MDQ1LUJEM0QtRjJDQTUwRTRFQUM1fSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2NTdCRDY2RC1EMzkxLTQwNzAtOUE3Ri0zQjcyQzIyQzk3RjR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7KzBqVW1ZZUt0WkFGNUMzZzIycEJCNUYwUnlkdGYxU0g3Ym53c25vVStmaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNDk3MDU1MjEiIGluc3RhbGxfdGltZV9tcz0iNzQ2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5724
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{A557879F-BC55-4045-BD3D-F2CA50E4EAC5}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5756
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847182⤵PID:1424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:22⤵PID:1756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:82⤵PID:3956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:12⤵PID:2744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:82⤵PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:12⤵PID:5200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:12⤵PID:5208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵PID:5492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:12⤵PID:5684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵PID:5960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵PID:6040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵PID:6052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5408 /prefetch:82⤵PID:5296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3540 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵PID:5204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:12⤵PID:1448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵PID:5852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:12⤵PID:5952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:12⤵PID:5676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:12⤵PID:3404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:12⤵PID:5940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:12⤵PID:1740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:12⤵PID:884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵PID:5828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:12⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:12⤵PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5428 /prefetch:82⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵PID:4988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,13728572357462611296,2863895499650071456,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1076 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3124
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3548
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4332
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:2744 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTU1Nzg3OUYtQkM1NS00MDQ1LUJEM0QtRjJDQTUwRTRFQUM1fSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNDQ2NzlERS0yQTM1LTRDODEtOEE5RC1DOTUyNEQ3NDlEMkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNTQ5NjE5MTQiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:6036
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\MicrosoftEdge_X64_123.0.2420.97.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:624 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\EDGEMITMP_49557.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\EDGEMITMP_49557.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5396 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\EDGEMITMP_49557.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\EDGEMITMP_49557.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8AC2D594-C4CD-4985-BE9E-7341E8E2382D}\EDGEMITMP_49557.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x230,0x234,0x238,0x22c,0x208,0x7ff60fcdbaf8,0x7ff60fcdbb04,0x7ff60fcdbb104⤵
- Executes dropped EXE
PID:4640
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTU1Nzg3OUYtQkM1NS00MDQ1LUJEM0QtRjJDQTUwRTRFQUM1fSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszQ0I4QzU1Ny1DNUM4LTRENUMtOTVERS1EMEU0QTA4NTlGMzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE3MTAzNDkxOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUxNzExMjQ5MTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mzk0NzQ0ODczIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xYzFmYzhmZS1mMjUwLTRhM2EtOTFlYy05ZjkwZTMxYjgyNjU_UDE9MTcxMzgxMDQ2NSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1jRGVvaFIwTFklMmJJY3dwZWhka1dpcDQ0N3ElMmJOR2FjbENVJTJmRFdBNyUyZlI4WkUwVCUyZmNtSTRpYXcwWE0yRDZ6TXFZWUJoZFJDODRIbFdZZ21kdVd2Q3JQamclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIGRvd25sb2FkX3RpbWVfbXM9IjE1MzgyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTM5NDkxNTE2NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0MTAxNjQ4NjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5NTIwMzQ3MzkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDE2IiBkb3dubG9hZF90aW1lX21zPSIyMjM3MSIgZG93bmxvYWRlZD0iMTcyMDc2MDg4IiB0b3RhbD0iMTcyMDc2MDg4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI1NDE3NiIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5692
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1740
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"1⤵
- Suspicious use of SetWindowsHookEx
PID:5284 -
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious use of SetWindowsHookEx
PID:2120
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious use of SetWindowsHookEx
PID:1808
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious use of SetWindowsHookEx
PID:696
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious use of SetWindowsHookEx
PID:4904
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious use of SetWindowsHookEx
PID:5280
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5984 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵PID:2660
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- Suspicious use of SetWindowsHookEx
PID:2240 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3932
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b453⤵
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5708 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:24⤵PID:5704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:34⤵PID:5508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:84⤵PID:3760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:14⤵PID:3028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:14⤵PID:624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:14⤵PID:5176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:14⤵PID:5872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:14⤵PID:5596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:14⤵PID:6116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:14⤵PID:2736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:14⤵PID:2176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:14⤵PID:3052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:84⤵PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:84⤵PID:3512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:14⤵PID:3024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:14⤵PID:1688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:14⤵PID:1944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:14⤵PID:5928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:14⤵PID:624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:14⤵PID:5176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:14⤵PID:2936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:14⤵PID:5844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:14⤵PID:3944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:14⤵PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:14⤵PID:4836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:14⤵PID:1876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:14⤵PID:376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:14⤵PID:4416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:24⤵PID:3012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:14⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:14⤵PID:4148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:14⤵PID:5992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:14⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:14⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:14⤵PID:3080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:14⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:14⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:14⤵PID:636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:14⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:14⤵PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:14⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:14⤵PID:5464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:14⤵PID:5268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:14⤵PID:1392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:14⤵PID:752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:14⤵PID:5276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:14⤵PID:3556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:14⤵PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:14⤵PID:6416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:14⤵PID:6508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:14⤵PID:6180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:14⤵PID:6232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:14⤵PID:6812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:14⤵PID:6932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:14⤵PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:14⤵PID:6588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:14⤵PID:6532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:14⤵PID:3080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:14⤵PID:6300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:14⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:14⤵PID:7116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:14⤵PID:7076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:14⤵PID:7024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9812 /prefetch:14⤵PID:6252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:14⤵PID:7244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:14⤵PID:7356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:14⤵PID:7716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:14⤵PID:7772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:14⤵PID:7468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:14⤵PID:7496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10288 /prefetch:14⤵PID:6708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:14⤵PID:2620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10320 /prefetch:14⤵PID:8108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:14⤵PID:7652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:14⤵PID:6284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:14⤵PID:3036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10356 /prefetch:14⤵PID:7924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11104 /prefetch:14⤵PID:7596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10488 /prefetch:14⤵PID:2216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11316 /prefetch:14⤵PID:8384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11656 /prefetch:14⤵PID:8868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11384 /prefetch:14⤵PID:9028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11628 /prefetch:14⤵PID:7528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11608 /prefetch:14⤵PID:2884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10840 /prefetch:14⤵PID:8636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11452 /prefetch:14⤵PID:8480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11132 /prefetch:14⤵PID:2884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12116 /prefetch:14⤵PID:7016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12088 /prefetch:14⤵PID:7368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:14⤵PID:7460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10088 /prefetch:14⤵PID:7376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11516 /prefetch:14⤵PID:7360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12104 /prefetch:14⤵PID:9240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10764 /prefetch:14⤵PID:9756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12516 /prefetch:14⤵PID:9812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12268 /prefetch:14⤵PID:8216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:14⤵PID:8992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12252 /prefetch:14⤵PID:9624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12808 /prefetch:14⤵PID:8980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12672 /prefetch:14⤵PID:9428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13104 /prefetch:14⤵PID:8572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12264 /prefetch:14⤵PID:8928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13208 /prefetch:14⤵PID:9440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13016 /prefetch:14⤵PID:8832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13472 /prefetch:14⤵PID:9500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13576 /prefetch:14⤵PID:9952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13572 /prefetch:14⤵PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13128 /prefetch:14⤵PID:9040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13916 /prefetch:14⤵PID:7500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13652 /prefetch:14⤵PID:10564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13920 /prefetch:14⤵PID:10704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13084 /prefetch:14⤵PID:11048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14260 /prefetch:14⤵PID:10368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14380 /prefetch:14⤵PID:10384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14936 /prefetch:14⤵PID:11180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15180 /prefetch:14⤵PID:10924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15320 /prefetch:14⤵PID:11156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15212 /prefetch:14⤵PID:7008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15620 /prefetch:14⤵PID:11632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14740 /prefetch:14⤵PID:11872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15980 /prefetch:14⤵PID:11284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:14⤵PID:11460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14760 /prefetch:14⤵PID:12048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14876 /prefetch:14⤵PID:1860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16028 /prefetch:14⤵PID:11788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15496 /prefetch:14⤵PID:10816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15196 /prefetch:14⤵PID:2744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15556 /prefetch:14⤵PID:11200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16008 /prefetch:14⤵PID:11320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15744 /prefetch:14⤵PID:11916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14760 /prefetch:14⤵PID:12032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15904 /prefetch:14⤵PID:9268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14096 /prefetch:14⤵PID:11504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14096 /prefetch:14⤵PID:10928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15812 /prefetch:14⤵PID:12084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16084 /prefetch:14⤵PID:9612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:14⤵PID:11204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13888 /prefetch:14⤵PID:11580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16108 /prefetch:14⤵PID:10212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15704 /prefetch:14⤵PID:7584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15644 /prefetch:14⤵PID:11164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13592 /prefetch:14⤵PID:11000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16380 /prefetch:14⤵PID:8676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11304 /prefetch:14⤵PID:10848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16284 /prefetch:14⤵PID:10408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15404 /prefetch:14⤵PID:12652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11092 /prefetch:14⤵PID:12768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:14⤵PID:13136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15956 /prefetch:14⤵PID:13264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12808 /prefetch:14⤵PID:12664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16056 /prefetch:14⤵PID:12464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15824 /prefetch:14⤵PID:11852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:14⤵PID:12548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15332 /prefetch:14⤵PID:12796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14848 /prefetch:14⤵PID:12476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10992 /prefetch:14⤵PID:13208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16116 /prefetch:14⤵PID:12792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:14⤵PID:14000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=16192 /prefetch:14⤵PID:13648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15416 /prefetch:14⤵PID:13548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:14⤵PID:13972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7769338099882069609,17762998026772925354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:14⤵PID:1696
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money3⤵PID:5772
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:4624
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵PID:2404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:2236
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:5824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:2628
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt3⤵PID:5920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:5964
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:5584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:3220
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- Suspicious use of SetWindowsHookEx
PID:5524 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6092
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵PID:464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:1120
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:5160
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵PID:1836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:4012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:4736
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:3716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:1944
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:4344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:4544
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system323⤵PID:4800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0xfc,0x100,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6040
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:5424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:1204
-
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- Runs regedit.exe
PID:2808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:1732
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:5148
-
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"3⤵PID:2408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:4804
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:3512
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20163⤵PID:6336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6352
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi3⤵PID:7148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:7164
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money3⤵PID:1588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:5372
-
-
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"3⤵PID:6652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/3⤵PID:4964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:1080
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real3⤵PID:6724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6612
-
-
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"3⤵PID:6944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free3⤵PID:6560
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:7108
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:7092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:1084
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵PID:5596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵PID:7128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6408
-
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- Runs regedit.exe
PID:7892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted3⤵PID:2112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:7076
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵PID:7692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6004
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:7180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:1928
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz3⤵PID:7300
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8116
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:8048
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6520
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:6924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:7908
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date3⤵PID:7928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xc8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:4924
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- Suspicious use of SetWindowsHookEx
PID:8636 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:8656
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵PID:8356
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵PID:6428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed3⤵PID:7572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9180
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:9128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8852
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:6404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8200
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵PID:7600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8616
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware3⤵PID:8516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8932
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:6264
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8196
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:7580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8648
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:9688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9704
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵PID:8232
-
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:7376
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted3⤵PID:9384
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9240
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real3⤵PID:7996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9556
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵PID:5836
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8700
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:9716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10060
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵PID:6252
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10232
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton3⤵PID:7552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9528
-
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"3⤵PID:9368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware3⤵PID:7068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8792
-
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"3⤵PID:9472
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:7016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape3⤵PID:10504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10516
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date3⤵PID:10556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8848
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton3⤵PID:10820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10956
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:11800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11812
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵PID:3532
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10340
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵PID:11756
-
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:11752
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware3⤵PID:8584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11360
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:11860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11968
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend3⤵PID:11268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:2184
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:11756
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9656
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵PID:11388
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:9652
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:10880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11620
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:10256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10348
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:8632
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11740
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays3⤵PID:11280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:8044
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date3⤵PID:9328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9492
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵PID:10308
-
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:10944
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b453⤵PID:10316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11892
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:1688
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:12060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:7984
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt3⤵PID:10740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11236
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape3⤵PID:11476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xbc,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:2980
-
-
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"3⤵PID:7240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/3⤵PID:11332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x40,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:12084
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:7616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10192
-
-
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"3⤵PID:1164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz3⤵PID:9904
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:10772
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download3⤵PID:11824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11204
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵PID:11628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed3⤵PID:12064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:11716
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free3⤵PID:11796
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x11c,0xf8,0x120,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:3352
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵PID:12216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:12584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:12600
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:13056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:13068
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵PID:12852
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122884⤵PID:12936
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton3⤵PID:12428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:12456
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real3⤵PID:12324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:12380
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed3⤵PID:12340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:12556
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:11884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:7292
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵PID:12956
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵PID:10616
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵PID:12964
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵PID:10616
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed3⤵PID:11344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xe0,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:5944
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵PID:8812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend3⤵PID:12888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:9504
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:5676
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:6980
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20163⤵PID:5616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:12588
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵PID:13360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:13376
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵PID:13824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:14148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:14160
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/3⤵PID:13580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:13560
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend3⤵PID:9980
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x104,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:14152
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b453⤵PID:13576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ffb626846f8,0x7ffb62684708,0x7ffb626847184⤵PID:13568
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3476
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2896
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2b4 0x2ec1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3480
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious use of AdjustPrivilegeToken
PID:448
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:2128 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D54B371-B849-4A49-A654-28EF4267704E}\BGAUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D54B371-B849-4A49-A654-28EF4267704E}\BGAUpdate.exe" --edgeupdate-client --system-level2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:636
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEQ1QTE4OEUtREY1NS00QUU3LTgyQzgtODVCOTNCRTA3NkYwfSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1QTM2NTJBMC0xMUIyLTRGMzUtQjc0Ny03MTU5RkU0NzYwMDd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzMiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTUyODY1OTA4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODE1MjkwNTg4NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NTYzNTI4NTgzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZGEwMTdkZWEtMzRmOC00YTlmLWEzZmQtMjdmMWI5NTM4NjAwP1AxPTE3MTM4MTA3NjMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QzBBazJ2MiUyYkZha3BiVG05JTJmRmU0TTlLdFZMQm9adnFzUkZUS1I4VnJuTCUyZlZ1aTJWNkxNRUxLTjdIZW1WdDBRQzgxYjkxMzNHeG1tQk4lMmZXZlVMN1hoQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODU2MzU0ODM1MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZGEwMTdkZWEtMzRmOC00YTlmLWEzZmQtMjdmMWI5NTM4NjAwP1AxPTE3MTM4MTA3NjMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QzBBazJ2MiUyYkZha3BiVG05JTJmRmU0TTlLdFZMQm9adnFzUkZUS1I4VnJuTCUyZlZ1aTJWNkxNRUxLTjdIZW1WdDBRQzgxYjkxMzNHeG1tQk4lMmZXZlVMN1hoQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ3MDA4IiB0b3RhbD0iMTgwNDcwMDgiIGRvd25sb2FkX3RpbWVfbXM9IjM2NTcxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODU2MzYwODIzOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1Njk3MjQ1NDciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NTcxNjA1NjMzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjY4IiBkb3dubG9hZF90aW1lX21zPSI0MTA0OCIgZG93bmxvYWRlZD0iMTgwNDcwMDgiIHRvdGFsPSIxODA0NzAwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTg3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2044
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5672 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F5AEE0E3-268D-47A3-8B98-76424608A832}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F5AEE0E3-268D-47A3-8B98-76424608A832}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{201DD439-449E-40FD-A547-911CF1205005}"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:664 -
C:\Program Files (x86)\Microsoft\Temp\EUF669.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUF669.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{201DD439-449E-40FD-A547-911CF1205005}"3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious use of AdjustPrivilegeToken
PID:552 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4444
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4848 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3612
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:5168
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1368
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjAxREQ0MzktNDQ5RS00MEZELUE1NDctOTExQ0YxMjA1MDA1fSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RkRDN0I2QTEtM0Q4My00RUZFLTk0NzAtOTg5MjRBOTUyMURBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzEyOTIxNTMwIj48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4OTU5NzI3MDgxIi8-PC9hcHA-PC9yZXF1ZXN0Pg4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:388
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjAxREQ0MzktNDQ5RS00MEZELUE1NDctOTExQ0YxMjA1MDA1fSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCNkE0OEY0My0xNzM5LTQwQ0ItOTdGNy05QzU3QTZFRUY3MjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODUuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iSXNPbkludGVydmFsQ29tbWFuZHNBbGxvd2VkPS10YXJnZXRfZGV2O1Byb2R1Y3RzVG9SZWdpc3Rlcj0lN0IxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDAlN0QiIGluc3RhbGxhZ2U9IjMiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg5MjIwNzY5NjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODkyMjE4NjkzOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODkzMjkyMzMwNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzODEwODQwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUljZFF3JTJmc0xJb1Bua2FraVMwUjlkNEw2aHdabEJhM290dFlzOGxJTjlLYVM1c0JVTTFMSjBRSFY3UjVWSFJrc0M3TGROMmlpZHBCc2V0emtWZHBQS2clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4OTMyOTMzMzAzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MmVkODA4Ny1lZTk4LTQyOWMtOTMzMC1jYTNjMTkzZDQxYWY_UDE9MTcxMzgxMDg0MCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1JY2RRdyUyZnNMSW9Qbmtha2lTMFI5ZDRMNmh3WmxCYTNvdHRZczhsSU45S2FTNXNCVU0xTEowUUhWN1I1VkhSa3NDN0xkTjJpaWRwQnNldHprVmRwUEtnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzMDc5MiIgdG90YWw9IjE2MzA3OTIiIGRvd25sb2FkX3RpbWVfbXM9IjEwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODkzMjk1MzIxNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4OTM4MDc5NDcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iMyIgcmQ9IjYzMTEiIHBpbmdfZnJlc2huZXNzPSJ7RDFEMUZBNzctNEEwOC00NTE0LUJGQkYtMEI5QzgzOEYzQzRFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIzIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NzY3OTYzNDE4NDc1ODAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSIzIiByPSIzIiBhZD0iNjMxMSIgcmQ9IjYzMTEiIHBpbmdfZnJlc2huZXNzPSJ7MTE4NERERUQtQjRFQy00RDU5LTlDRTUtNERCMzI4QkRFNjlDfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzMTQiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins1OTlEQzYxNC0xQ0I3LTRERDEtQjBDRi1FMzA2RTY0MkI4MUJ9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:736
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:4332
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:6360
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6332
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7636 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDY3QjJDNjktQ0NCOS00Q0VGLUE0REMtODNGM0NGRTREQ0ZGfSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7ODE3QUE0OTYtRkU0NS00REE5LUFDNjItRDIyNjBCRjE4MENDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90OyswalVtWWVLdFpBRjVDM2cyMnBCQjVGMFJ5ZHRmMVNIN2Jud3Nub1UrZms9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTI5MjI1MDkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1NzM5NTEzMDAwMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI0IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjIxNDcyMDcyOSIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:992
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\MicrosoftEdge_X64_123.0.2420.97.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Executes dropped EXE
PID:8600 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:8896 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7ad94baf8,0x7ff7ad94bb04,0x7ff7ad94bb104⤵
- Executes dropped EXE
PID:8920
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=14⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:9172 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7ad94baf8,0x7ff7ad94bb04,0x7ff7ad94bb105⤵
- Executes dropped EXE
PID:9204
-
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDY3QjJDNjktQ0NCOS00Q0VGLUE0REMtODNGM0NGRTREQ0ZGfSIgdXNlcmlkPSJ7QkJBNTM0OUQtRTdCNy00NzhBLTk2MkQtRkUzQjIzODYxNzA5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGMTdEM0JFMS1CODg3LTRGNTUtOTM2Qi0xMkNGOUY0N0JFRUV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMyIgY29ob3J0PSJycmZAMC41OCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMxNCIgcGluZ19mcmVzaG5lc3M9IntBOEYyNzc2QS1FNjExLTQwMDYtODZCMy0yQjhCODVEQTlERjh9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTIzLjAuMjQyMC45NyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIzIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTc2Nzk5Njc4MzI4OTgwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjIzMDcwMDcwNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjIzMDczMDgzNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjI3MDkxMDU3OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjI5MjQxNzQxNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI3OTc5MzcxMzgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDMwIiBkb3dubG9hZGVkPSIxNzIwNzYwODgiIHRvdGFsPSIxNzIwNzYwODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjUwNTQ5Ii8-PHBpbmcgYWN0aXZlPSIxIiBhZD0iNjMxNCIgcmQ9IjYzMTQiIHBpbmdfZnJlc2huZXNzPSJ7ODNEQzZCNkEtREY3Ny00NEMyLUJGQzktREZDNEU2MjU2QUU4fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzMTQiIGNvaG9ydD0icnJmQDAuNTkiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjYzMTQiIHBpbmdfZnJlc2huZXNzPSJ7MDNCNjk2OEMtM0E0MC00MzIyLUFDNDQtRDgzQzRCOTBGRUFBfSIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:8844
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:9112
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:6404
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:10412
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:10432
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:8800
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵PID:13132
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4Browser Extensions
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.8MB
MD531ddc9e1c11a44b88cf96c45b3551ffb
SHA1811ccb9706f656e29d089e30a2ee1650302394e2
SHA25646cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da
SHA51267e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.33\BGAUpdate.exe
Filesize17.2MB
MD509fc5490d32c867927e960f673911ebf
SHA12ecbee3518fb701959d2539a88892391250dc010
SHA2569014827c68fd6a31ccd7ec1c8f182cfeeb60962760391446b45c264e062daad6
SHA512cd295d344bba456cdb2394fbe736c7b52c8f20e2776bb6b37c0ecd7068c841a646208e4bd0ebb4cb7880fc15caa8b18da485340ac8f88154e61cf76fb16e8162
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe
Filesize164.1MB
MD5300df46436ba5d076b227c32967ada91
SHA1de9d47ef0c61fb04b7309875e2f03c8fa37d19f4
SHA2561614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b
SHA512ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
Filesize1.6MB
MD5b18c705b3c68cc49d9bf3649abc75c24
SHA16dc8963dea0f3185368790dee2a346301b4fa24c
SHA256c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA5127ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A925E9A9-C252-4967-A563-FEE6AED02C36}\EDGEMITMP_99EDC.tmp\SETUP.EX_
Filesize2.8MB
MD52415cb112f130a1382726afa58a0933e
SHA174ac041e6dc607e476dfeaff2d2bbf2b5c004b5c
SHA25685679b3b17d42aa988b5c753b9cffe457c063d5186a94203b5e584f4156f2179
SHA512a334cba72cb6ae4c4706ef3954e98771c4502ae5ee66d7b2d2dca759ac75890efe5a7fea46818760589a66f425a4bc9d463512bf359723685eba86ba4c1edd99
-
Filesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
Filesize
179KB
MD57a160c6016922713345454265807f08d
SHA1e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA25635a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
212KB
MD560dba9b06b56e58f5aea1a4149c743d2
SHA1a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA2564d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7
-
Filesize
257KB
MD5c044dcfa4d518df8fc9d4a161d49cece
SHA191bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA2569f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c
-
Filesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
Filesize
2.0MB
MD5965b3af7886e7bf6584488658c050ca2
SHA172daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA5121c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4
-
Filesize
28KB
MD5567aec2d42d02675eb515bbd852be7db
SHA166079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA5123a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3
-
Filesize
24KB
MD5f6c1324070b6c4e2a8f8921652bfbdfa
SHA1988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA51263092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100
-
Filesize
26KB
MD5570efe7aa117a1f98c7a682f8112cb6d
SHA1536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA5125e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8
-
Filesize
28KB
MD5a8d3210e34bf6f63a35590245c16bc1b
SHA1f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA2563b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA5126e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a
-
Filesize
29KB
MD57937c407ebe21170daf0975779f1aa49
SHA14c2a40e76209abd2492dfaaf65ef24de72291346
SHA2565ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA5128670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7
-
Filesize
29KB
MD58375b1b756b2a74a12def575351e6bbd
SHA1802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19
-
Filesize
29KB
MD5a94cf5e8b1708a43393263a33e739edd
SHA11068868bdc271a52aaae6f749028ed3170b09cce
SHA2565b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7
-
Filesize
29KB
MD57dc58c4e27eaf84ae9984cff2cc16235
SHA13f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc
-
Filesize
28KB
MD5e338dccaa43962697db9f67e0265a3fc
SHA14c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA25699b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9
-
Filesize
29KB
MD52929e8d496d95739f207b9f59b13f925
SHA17c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA2562726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957
-
Filesize
30KB
MD539551d8d284c108a17dc5f74a7084bb5
SHA16e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA2568dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA5126fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2
-
Filesize
28KB
MD516c84ad1222284f40968a851f541d6bb
SHA1bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e
-
Filesize
28KB
MD534d991980016595b803d212dc356d765
SHA1e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA5128a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed
-
Filesize
28KB
MD5d34380d302b16eab40d5b63cfb4ed0fe
SHA11d3047119e353a55dc215666f2b7b69f0ede775b
SHA256fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA51245ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538
-
Filesize
27KB
MD54a1e3cf488e998ef4d22ac25ccc520a5
SHA1dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA2569afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245
-
Filesize
5.5MB
MD5683557dea845051b786f8f8818002db2
SHA1f5e16d11d50e715f076f586e2ce2cfa62b831768
SHA25655e21bdf93c14690e0c93a4170b115faabee5c3f84eaeee63d69bf0e4bf7736e
SHA512f037bfec058e52b7be997b7a60b04d0c3abbd4bfbe1fc07ce98e31647f61bec8fde2288f79b197ce438470f1d684be2068f942444a1ed7a36dc9d31e3847dd25
-
Filesize
5.2MB
MD59fb66ffa1e1f4dedfd16eb3a8170bafd
SHA169b5d57ddda6b97adde820b9ceaddae9c33d53bd
SHA2567953b28b736795aaa54e6cd5cb591e794e2f770c1045ca2e33af5ff19f480eaa
SHA5124b141802e7a4cb6bd4a7498d30086a9d83c62d37f2137f4910ca7d3fb7009079d4dc59b95050849cfc720210b0cb44bf588d15c08e3ba830aae19c0a27e8e6d5
-
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize1.5MB
MD5610b1b60dc8729bad759c92f82ee2804
SHA19992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA5120614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
Filesize
280B
MD5eb09e2014f7e8811ff2124d9f57ef804
SHA1913b92c0ca808fac8b59eaabb04710ba1267c9ff
SHA2565bbe897e60fdb9a6905e9c8606a7520eb54aa6a251c48eb7b8d69e70d78cf353
SHA51298befee2bb8da22c7b1a56775ccf1c04875fc2ec5e40e043a05103f8172f4951134f172aaaf693420a46887f2c9a580404317fa333ace2a28f5b758a071d9af9
-
Filesize
100KB
MD5327cbf55c615e99a1b23aad8b981bdd1
SHA1a4f12a094136f833b665e26d19a39d162f327d26
SHA256f640df87800e60ef344b6d1b931757772178b15ddeb7e0910789edb1f3631434
SHA512162a5360914db3d2d9897d7703c8430054709aa06d1ecb21380487aab2c269f38c77a68f3ea3cf1069966525c42b6ecc40301a92001b3f23a089b449a2635e72
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize2KB
MD59c7cbb469bd81560fcf86f79dd9171a5
SHA103f817056e75d10ed8a0d1fdf1533cbd268a960e
SHA2568a18474d6aeb13070e491bd63392017664bb61008b73578669f8407aefb7e965
SHA512b0afda6195fe20412ec70b35a0cef114aecd578470c6e1b35b8a56a85f5fbe631c448e51e50b2a7f8f2dae81d957b18bf59002628de518c1f9260b5fcdca8ae9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize1KB
MD58d4355513fb93cf593c4424b6612117c
SHA11aa6714d01fbf97324c53afbc2f47654aa44b260
SHA25650fcb7233d4f8d0ea75ff5e94edbc0e93b55c72a6bbd4a7ebd0adc3929b47379
SHA512bdb65e0b8e2ce0c42b2deb289f71bdb3d4476eac2e4c3c01d072f48af243058989f1ecbff5e8ad705089d9064aa6dca3943820b095c03f69af02a6f490e48b3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize471B
MD517965f5ac37a3d2a0e07c0d41f7d4196
SHA1b82ccf16459772f471d2fe330dd3376d09bb6eec
SHA256819ce2088812aa36c3ab0ad9884d57ce81db03be13aa1200c9ea6abe06d5f9d1
SHA5120b84bbac81ace00a670ad65cc73edb6cd87234dc795d03263f1d4dacef440fbc424544ab1d3fa97b8766b01b44fdcef92f2ac9b0b258059fc223175b8f497492
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Filesize488B
MD52fd3f7e21e238ee9fc40d1e65ea25c95
SHA1fa89f7c197b8a732666c4c72dbb53b09be1ad9fe
SHA2564e9cf2c832260e9c433020719b5d6e41f3f6432acffc78bf408751f4b58d0964
SHA5124582b08bd25378583b56a5fbaadd93efe5dfcb34a8d77a7ca8ef7bb84a438bc80d0c828d4fcf290fb8c24a091db739b14e0477a515bfcbd0758f8231ba490ce6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize482B
MD50eaaf3aecca91ddced85269e36a636d5
SHA17d7b0b4292e941549066c6c4af145300309a393a
SHA256be72880f1e4a634fa97cdb53b112ff5e3d37c3b85e0bb1a8c2290753256f4cd1
SHA512edbe0bfcd1c1e517e852671963bf6cffcfae3cd0f5a0872e0898cf02ae8157b775e6d62bd92f4d410c06558cd7024cef5b6ad905478663d6edda5f4946080757
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize400B
MD50da787cddd7d10fb7c1069423ab54f9d
SHA1d38e08464207635deecb7fceec22c9012d1e13b6
SHA256f3553824bf4eee3f0be08361c9595241d353e522b9aa9fbbdd5d5780d62b0727
SHA512b3432b8b95112bbf6eced14cc713eebd592071910bb4d4a8158d30d5229e5fae378bc9f0ad6e6c906e6e6870b0327ce5a123372253aaaa00d661d1814f588b99
-
Filesize
152B
MD57e0880992c640aca08737893588a0010
SHA16ceec5cb125a52751de8aeda4bab7112f68ae0fe
SHA2568649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2
SHA51252bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a
-
Filesize
152B
MD55e2f0fe48e7ee1aad1c24db5c01c354a
SHA15bfeb862e107dd290d87385dc9369bd7a1006b36
SHA256f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9
SHA512140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e
-
Filesize
152B
MD5fea59b968f270f030193d48bfea4df88
SHA1714b4ca4433093982e14426034d486f3d7fb1c8c
SHA2565aebb0b32b0346e1d13af8fb8e7cc304ddc968371c892251d5edc7d256210393
SHA512030224a7163eafc444b8764675475f7457069348a95e7399d0cf4683f24e1283ab62b2607ce77a53aa10ab25832cdab807f67a8f5dbb88b7ecca1bb53697ef55
-
Filesize
152B
MD58d4bf27b7955aa23212ebe2f7f7c3873
SHA1332e412622b7780c07521046d2ef26b769924a0c
SHA2564be9c6b68d30029ba2b9b90885af310ba2a9674e94964991a73f70deef9233c6
SHA51286a474671c910584eb54dc41c645a5943bd9520d0ddb7ed96d587bfdaa73e5ed546f1697a693616077eae12b85b0474670efed9e861342b221445a4de3ed2e4b
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
69KB
MD5aac57f6f587f163486628b8860aa3637
SHA1b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA2560cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA5120622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a
-
Filesize
36KB
MD51548c5f675f1d1fb0e51d7c1f506aa78
SHA14170f4215c2c9ea4eadcf3770dac2ced5e11f413
SHA2562149403b038e0b92af4544cabd1b5b0cebe5b3caf3bfd17b0a4d8fe96fb3bc48
SHA512b724040d3d6228f9b08c3f4a94148585ce385ee25af0eb83ccb78edbaaaf4efb94a81e19e27770adc5f34f34a8fd5ef90234e02f25d773aa09b4fd3f13c2664e
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.1MB
MD5d404b61450122b2ad393c3ece0597317
SHA1d18809185baef8ec6bbbaca300a2fdb4b76a1f56
SHA25603551254e2231ecd9c7ee816b488ecbde5d899009cd9abbe44351d98fbf2f5fb
SHA512cb1a2867cc53733dc72cd294d1b549fa571a041d72de0fa4d7d9195bcac9f8245c2095e6a6f1ece0e55279fa26337cdcc82d4c269e1dd186cbbd2b974e2d6a70
-
Filesize
33KB
MD53cd0f2f60ab620c7be0c2c3dbf2cda97
SHA147fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA25629a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb
-
Filesize
74KB
MD5bc9faa8bb6aae687766b2db2e055a494
SHA134b2395d1b6908afcd60f92cdd8e7153939191e4
SHA2564a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4
-
Filesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
Filesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
Filesize
20KB
MD58b2813296f6e3577e9ac2eb518ac437e
SHA16c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c
-
Filesize
22KB
MD59196e81f8ed7f223d765423c1f9bc8a7
SHA188f9d5c2a6908cf36b8daae803578ca9e1fd2929
SHA256a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe
SHA512e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8
-
Filesize
57KB
MD5fca52241a7735ea5486b3db1b9a00387
SHA182fa35d863d484c0ffad0fb4754e10ec13d549bf
SHA256ad0cb23e74fb15a7cde53a10efbe4eff76284fbf7d3dd43428a783d158418921
SHA5127b012f74289b4b4ca03e324807ae1d7062c835476438b875f2db61b4f41e0f083b6140057f2d750458123ff791457cc8dfb02b877e2d075c54235398c9b51a03
-
Filesize
40KB
MD541caba792bd0815c50d2586663a2f6e9
SHA18ba297073f4502b840d2c5f0a24ba9d515e2dd84
SHA2568dcaaaa16bd33e6cfe7af170332ce93febfc6e8e7d1600d1465732e4405e08a3
SHA5120a8753df627984de1cbde85ab8b8fbaf49f9b76a5728675eb7973a0f072d31f00a4b6df1b9a459d3bc6405ff92a70acf9d1b5393daa0c1a0d34742800cc9c9af
-
Filesize
51KB
MD53fa8c23b89d34fcc51359db6d0551837
SHA169750d3260f6f371a516bfddfe15ca26cf068f44
SHA2564218aacba68899324cbb3f9b7e09967916e41477312ced5dfde41082c6e147e6
SHA51227dfd1aa035ba829b8d76dd8f8012a98dcd06178a9bcafc32a82886b7b06affbd72afd2fb093749a719b43a61a966165d991a2a377a939da24649da288bc4688
-
Filesize
198KB
MD5319e0c36436ee0bf24476acbcc83565c
SHA1fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902
-
Filesize
43KB
MD5097c8d5a6824861ec989ec06e53b3df7
SHA10478b50edf88a19c2848f0bd1d9452480ef782cb
SHA256e039c05623d6f7f1895ed6e049b01ef33b86ec5988e3104119face44f4ff12d9
SHA512cb72032d58e6eeeb60704cc5e7e7f48faf09cba5dbf63a61dbf47e07dfc446d655f19a6ade67fb49b72ccf652e7d537510559445ffa2994cd590eb6bce4f88e0
-
Filesize
127KB
MD57329db207c726877f7087f266b76de33
SHA19698b47033c33b687da7421bc1dab9a0dfdf49ab
SHA256198f92a52fec081e25cf0a41d5a98d5471d6e463b6fb3599b0b64ce26d10bc45
SHA5123914c388aa25ae08cffa9dfd84431dcdcb7fc933ff2f91e3b6bbd297ff9403653b583a49fae59822b364ed9ce942ca957971877d5ec3ee6ed324aa4511081385
-
Filesize
20KB
MD5c0ae6666f9cba37590eddfeb9891a2ce
SHA164468bf8cd31a932aa0eec0b87f78848c0c2723e
SHA256cb6557870f0da23eaf84af6746fa6619393a95bbf0f1dcb387e224408ec349b8
SHA512358828316e5e71ff582acf08cc5964ede89e2ce8a49f7b658b1a2beda52178bb9e10de22189a44644ce29382ff643b5a6c311258f36ae9dc5a2e0c430858200c
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
87KB
MD5c4c54608b0e6f10c7581bb894e641ce0
SHA1411b0a1b5fb4bdd0927abe67bb0815f5b0fadbad
SHA256b82a276ec8d6e7fa023adddf87fb03bcdeed17934907c6be47646af89f5afc33
SHA512152568eaee33e23615257e6868a6f803d729ae456daaca4601b2a1113605ae70caf65e7c9d9d7bbfd660e543a67d02ac82158eff004e377d63b8cef38281ff55
-
Filesize
90KB
MD516e6897aaaaeb8fa242815c20d259360
SHA1f232f9742c8b42f3cc870cea297151016def6312
SHA2568a73362db01e8adda6a81d4dc2a42746f90ff203691b92b0c917f22eac954b14
SHA512be10a1121a0da961ab337cf6902bc8cc6779d80624a624c82ab69e969a867e7027fb4812f01c07b0d04c9da8a55dfc443dfbc5fc8468df5ccbe1f181229e29d0
-
Filesize
54KB
MD5ce36ca62e278376eb0b03336d46c7b30
SHA17da160e62817fbaece4e7ec12cf3a459353b15ca
SHA256eb74577d65417dc3fda1ccad67c76095b92c7be7f2a2001891ba48083530f0be
SHA5120135b5c5e44ce6e08ea3df4a66eb801926c21dd15dd8f849fa7088d562f4afdee97b7b4c92301214faadb7d36ad1053abaadb2d0feaf649b6696399c9ba1640f
-
Filesize
70KB
MD551970acf652853c2ca7afba17fdb64e3
SHA137f4a7dc94674bcbe60ac13ae186f23ce22edec5
SHA256e2288f280cbb2de19c19e5b0bdee58fe1ac13ec87f576029272ea4ee4af92857
SHA512798a39c7adca64ce4c1275ad125c6c530bb32c586dd2f350f8120d6a504a0d50ccef32a442ee3495762ba7af3719bdde297d1b97bfc3747ba1d5dab69974632f
-
Filesize
288B
MD581ffa5f0423c28e2959b96483f090839
SHA1deceb8d0e447fe7c22d08f5eed868a5e708fad19
SHA2568e2fb0952c7418d6b5cb30fe437e55a079ba1d2d22d9402330d11ba9c7c82c4e
SHA5121b595c23e6902fee8a728261c3aefab6d582668de9ac12fbe432afc9f496ea61f4b84c6dd03a2f69793733c57b454751fa9dcd1cca0caf2c5994a23aca0f79cb
-
Filesize
19KB
MD5440c2aef2f18c10cd96daba6b98532f5
SHA1d48c57381420b72f73a8e1f97e4097f0f87a4e50
SHA256962c0de81c1de2f5900f6ffc7d78f8b8a5e2684931c4222d134b903131260a2b
SHA5124b5320e51395492d7a7c4c8c86ab51c4dc97e552b9e0ece131dc4179077384ee0ba6647f1420ba14882f830cba7394e2ee3dc3c430019f19516609076e4f4d43
-
Filesize
406KB
MD535b44685f9d01326f264b2a632ed1220
SHA17df2ae6b692419c21353c63b13e72b1a3311e5ea
SHA256fd384208104ff43e6bf3faa9333e54600b7b8c945b2759ec2a64cce95fbd71b4
SHA51277d828d9319605cab3837fe79be93d99dd36c97bc756e9e454912c4775b10f4449a0a296ba1fcb6c2fb1d14ba18a38fe0c6446a0bef097d0b310e361650e6d19
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD58174fb0a826dd65daf844c79989889c6
SHA1e209b479b3e0721d5bb093702432c8662f20fafd
SHA25602687609ad8c40d97e3c35f31ee1ca834c2cc6e53d0c791ee9ff6e24543d52c5
SHA5123681dc0fd9a4246b8decd97592a3cc47b6caf0e83586e746884c15595f38fc781fb1f6cdb6d4859a9ff51a840257e4a4fde9909a90f1e93f96ce2899e922a663
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5ca53a76501fba84bc6cf20da4b8b450f
SHA10b58c9f095bc73596838477e4600c38a6b01cd28
SHA25688a2681d466e5fca2f040985c593381c2860cc0294102c064f903e8ccbe8d77b
SHA51207732b93367347db0ebde3f84a0277fc63c5e432c982539124a3dcc15de422ffb78fda991df49cda19992d8a9df5cba6709e762a1b0175a8ee8963ffa7611457
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD5eea8db6fe707108ae75f5f8c86594752
SHA1551915140e2b73deaae565353952a20978b9202d
SHA2562d5c36bf861bc57148faf1428de6bc1c1abb4d0ab7dbfea94d8286623f428a04
SHA5124d33f626fe4b18e4b2937a835b6c44decf50f3f7bf5da0477676d51bf9d6628b6450355d9d6fead010d99735815f149f35123adb031358b0c77410c18e1e919e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD58f498c55ec96e746069651051088190f
SHA1162715d6143a1635ad6b555f58dafe74575b195d
SHA256543096408d6abdb9c4f1f52687c329339f56a205ece6185965efccba2dcf803a
SHA5127b4c8a2388473fca27ede4ae61d1acb7926f3ff9e14f2830b2b4e3cbfe0d6a691a789262d43d60e57e3f920dc1c271779ffe0243f69bb08221aca76d80c061c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD5d3f6fc33a1d97f2b7a9da84e0bbe2a6f
SHA1d3b591f6277adc1c9a1be7084f87b6f7a7292844
SHA256039194fbd4d442d6ebb88703cd0a8ac878a45d296b4daa63934911e87ed16dbf
SHA512ba557d78724ae0bd28a1bcf43a90f1c8b30c3e32be56a7aa52912da1a9e553407fb35cf532d67666745938476f517277f052f5d6220f2a3aa73f21e3288a92a1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD58edd0f73dcd84c4097aab891dea0d07b
SHA1fc7a083f044b7ba6d785644e1b40286c9b78a78f
SHA2569c5a36b50466d8873b62eee0352edc46ac46112a7c5608d0ea11ba56069b5ece
SHA512043821b8f525de0f9ed54ffed7b9921a4773375ff0eafef93ff7bd7b2560a5e573435c0778eea2c69011e3dac284952ed121bb2796d97b9e8ce80f7e0a8401a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD540ee4d2f793d3783280b1f0435d68617
SHA1c8a90f93a0ea1992d5ccaa193a3becfe783d9eed
SHA256c477f429b9c2b332b732281f8c6ff2df92c7b786b195bc7d7133a242a5ccbcc2
SHA512abc2ff9e368c87d760b79f8faa4ecae9816838b1cc975dcfb6843d7fad367a1b46d370f6c515c32966e129ee005e55c2ff20bd23dde089d711b0d78f97c9d913
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD56ff2082e6641d37dc57967dab617172f
SHA1542e0adcfaef95d84d4499a84625cd6a43cbdc0d
SHA256136e597061edcc416e03d51b3fd90e498514fd2f59b8974a54035edc5402755e
SHA512ad0335b431f11ed5d9520255162d036bb8b8506f4424d10d3cbf052d0b9230d704cda8c7ae78fe8477c438bef7bf29695eb46210794f8859df6193428a066247
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD55c525a972af7f89d1c4f67453e2e0884
SHA1760a7c382f49d6b5744ac6d99df385c7617fd7c4
SHA256030d697ed4a2acba7724cf7f6f079c76555159f961b5a690af62236a5b98dcb7
SHA512bbf7fb59706efd05082e392301df84262fc09887926d9bc1a18922b3a7ae5e5b0a1f3116bf4b903bafae7c56a41a326fe9a9b43edf847180037a5112a95bd997
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD558be02ae5680a69319d52056b7103790
SHA1615df0e097a4620739bc4a7d8cdceeee691e54b9
SHA256aad640c739380588e956eadb1abc65efbe979dee63682bc94017c03f8ca1261c
SHA512993bdab0b2de6679d2beca22e69fb28c12fe0381c879d4cc7b5c78d0a76020b37ab9415764047ffd82d5a4bbaa873044ac4659a226445377710ddf6824a22f78
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD5462ef7e1996d1c9c0f2b6ef99b6cdca4
SHA14675fffd4531ec9c27d366a75b8b743c95fa8941
SHA2562fd0986ac0abbd203b2432bd57f158f14fdc462fb600fdb814c4d6a8d4270add
SHA512001ed0d2df1bc128c0a088dd743b61f2e417a78c4206983934ffcbcb5c43490c226d1b2d5c5ae6727f1f6e4b6b40b5f64eaea3ebb8923c57730780fb08e8d6ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD56fdfe3db90fd39d545239751a91d2248
SHA1ac6c9f9218e8384a0b2904fd26e42551a45a1058
SHA2566e329f85148bafa1232e3006f11d9d3fc1599490f3a5260c7054ef9ba45d634f
SHA5129145d0faa85846da2020bd0d41ca4c4b8f91db6995cb30c01c18bd97787d8bfe3237904861d7c9aa6e2a034b8f2c76932471a663cb4f774cd3b71a45ff94525f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize8KB
MD5c305341b42563d2e4137c4a2b75bd7f8
SHA154bbf767e64ff87e140cdbc62146c9da53bb360d
SHA256086013efb91295f52a56c2d1c3bc715bbfd16397eb5bf4bebc183286bff4294d
SHA5121b5ea05331ec82c140ba879d3ce4bdfc6c76b4aabb061836024ebf4b8c0e93c2d4730cb83540e647d1ffb651800480c26d051f26dc42ed39ecceb9945cf83192
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD599452fb619b8420639b8325d8dec9132
SHA1481172bba66e5fed3bc8f912c0e126dc0781675a
SHA25650ae28c06707b3cecd469aa4f1f41ed88b816e78874ca4c141568c0fe4767a66
SHA5124a25b516f14f2c1606a0d67bc221743e35b9cb1c330c0395e8de74bc98cb5569b342f4d3d5d87e36e886702339d392b952a8e25f4a7e49118fc7defaf0e006d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD5b86872e76fd9ff8553f7b97fa226aec3
SHA127c1e277020f3e62d20dfb20796fc7e643176b7a
SHA25615124d31bf6ecf3264c4d728f9fcd36fc75c36dfd026a0a5b648f11932052abc
SHA512258156a2a7ee7bfaa23c834080b506d044ba380743ace296537c37e719404a5a9f6616ecce6dcad226c630d6e8fad16dd31f397e1c03a670e7fc0b628c6ea305
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD5852f76c47abaf69c3081eaa2aa62220e
SHA14cf87e15095d26cb13bb1166a07a9befbb8d1b0c
SHA2565e8d6c72e514d0f06fca880aab6820b6fcf5b36dcd88a94d214c82630e8258b7
SHA5122c58c8197ab7197db921eddec902cfe76917e0088f745a88a9117b854f386a404ab6e22cc2999c7d70cf001d9950b28c12906e814dc0b724f199ca9a9a1dd1a2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize8KB
MD52f16a6a86518097b48ad676afe63cbed
SHA1faa7987e76662568a76d57bbaff4d5d747873c5f
SHA256d8035a63e8ffe3104a83ab85bd025d1f7f989187a827f2ddba93e15d668dee4c
SHA5123993632bde64cb145c0f4b64281e72597295bdd5efaaa9b8dc07577ce979849c72f544cc88a3bfc2a32b77def679114916d2eb0d7864967290303556860ea358
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
1KB
MD5d1d6087de5ce5ea3843d44fe84983c0b
SHA1a0c4f13a6dd292127f2cbd2e9d6f1473081bff81
SHA256a5098e9811c604b85a7c4c2c2fbe294d2d61e01f07345f63c6a3e7d038857468
SHA5125950b04bb283b8d4aa622b2502e38c4fe8a939ba7631d2acd50ffe6c58bf3725a5205847ac8e153f471b64afc3e7e2808a315ca6f1f7a92acb1e57626607f1ec
-
Filesize
2KB
MD5f51c9b4bb78a2e8721ba851224d77377
SHA173c71cdc55628870f15d5dbed12801b5e2425bed
SHA256f44bd7602c9754fb1accafd520b574e2ae4acf735a5ddf75ab681894cac1cf1f
SHA51252825ee9bfa40e220a5d0ad971a72b330d54d8657b1ff6bdeab6190a777ab4ae4b27a85abd9695af968c71bb57ce382f9e6365870104dee3324120e302fef492
-
Filesize
3KB
MD5b8bc597007b8cf744e86196dbc94cf13
SHA12e5573332b08c8c18c57a426e53e557477fddbd3
SHA256cd9f6c41982e2c183aed3067bb13831c743ebf0dcb86062cbe8e80476d258c55
SHA512d07476e8841a51bfc76edfeae4aab654d54cb77b5a425bb87bbba2e3db3e4aa8b6610550633d956fc20cb2f21d69531d8fea6cbd5d455120a4122c81e250079c
-
Filesize
3KB
MD592122bdd42d513827709cf12b27a6293
SHA1906a715724297fec569a4301d331f31deb84caac
SHA2566469bcd7f04241eb32845372f58a35b0849c7927b26ef0436b86216e934820e4
SHA512f1bc66bfa7396472f6874a8fc89f217984ffe016349f78f76f54786317104fc1f371f893a85fbf0af45a8308ec09b3af7ee122c4ca9397063b4fbcb09373fc54
-
Filesize
6KB
MD5e5eb7b664651b8b11af5221ad63dd525
SHA10836562ad322107d7fdee32fc93ce278510d8407
SHA25633b112e8b9f5fb81b33795ecf8e778ce584d523db1bd0651a878b7fb03b55c0d
SHA512e8976cc0bb0567546553d0543eebec79e9c56ee03fd8efbc5f332bfbacbeff879bf321976280d9ee7d9e94de62406a9dce6a6b3d70643ce1b8545a9ada95a4e9
-
Filesize
18KB
MD5124608142189addf3e7a7ff0b42af455
SHA1a116324dc9b7bc2900f3738fbb92c4c01cb7b7a0
SHA25610dfb977bf03f76ec89228bf4bdc094d4337df0159fbd484ec7a9d24ab6d980c
SHA512a20a794443ac8ed39658dacd18229ebf46bac7806a44e06b4f87747bf4ee41c04e3479569c54cb2bec84ce6f00bfab70098bcd468172c79e69a4c6b07a482c55
-
Filesize
19KB
MD5ea8a1cc9ab4407467f7e4d9b40974897
SHA127fa9f5eb9ddc272b098552b5b0b449749ff3ca7
SHA256eb2a1c3b1ae259d6b151e073762b689552f5910e178e53487512a8134d25869e
SHA5121b0319d4fb95c805019b4e91761e6d6aa7a61e1c2bdf7797f4d9ef82afd98d8425c0de5aca7a4589fb1b84bbd39b4948c0fc42023446d5267f3925bc0bdac0ce
-
Filesize
3KB
MD5a173f22a23e3054c18b3b51f7a9f06a4
SHA107a64aa47de591cdbcf273527e880fc71f203df0
SHA256155b16f306d9414441b9516aa7675c46899f3650de9c6a8e6388c90b4afa5554
SHA512525147de6ca9f8fc2ebc4ebdd287be6d025f9613cb95af3c4b2ef065d824e5e24e2ff5e1529ea2004dfdb723572cc40041d708095243db5d3ad4707c2481c117
-
Filesize
6KB
MD5e7486ab749fc4ffffe527296306d9b1c
SHA1991d28e776478ac78ed19733096aaff787b3cb31
SHA256fbfa09a0eab258c77b9dfe6c4cfb0af774fc7d0ebef4e8f5ee6a888e2ca796d7
SHA512ef33274ea169b10f66a54a7ff4846215e3c21ac2f0e84746d30e441ef247286918e9f70b388e6f506c54a0b85e83809322a816dbfb314e9d577ef3638ad77fa1
-
Filesize
6KB
MD54abcdb2d2fd0d548959c13bef873b6fd
SHA1c87af7ddf180680c59c1100ff822d55f1227ddae
SHA25625c26bc2ef7cb480f0a35ce0bed3e7a2aa25eeb95d35badd9010a6010cf582e1
SHA51241e3ad557470453cebce2e4aafee9bf28ca4d5e08a48c6ac4266ecf1faba01cd339657f07026db6d516f5df4a01e3a5ff8eb3e4ab48f8f39905641c800f61cff
-
Filesize
7KB
MD5ad438da8c434c428e171f6729775c576
SHA16dce4d81897964dc4163571bc473e07757529fae
SHA2568548b06e12dd3c32a0bcfa463756d367b76f1be2b27bd81b74519ef38740bab6
SHA5125d37aea6db941f7db2f13a18592cd5ae72f7690331a2fee57e43284faa38eb25bda3913524614db7688a0b45f6f69c4d8544d69729d4bafff89fc5c766a3fc7c
-
Filesize
7KB
MD550b316f445369c1c9803bfc5e5e9bad2
SHA1246e32e174ca6dc8d2273443220efd2a41b58fff
SHA256bc86a06c5a0d00782beb2e4c5c2460a54825e29268a20c27dcb0b3dc219144de
SHA512732b0cd115f64df5d4ee1c673620933a730de633dbcaa770d76b1e41f48dbb7ec49f6418e2e651b38c53c4b0a90389f6cb7486e470edd2bf1d29d6f9a3b7b519
-
Filesize
8KB
MD5796b5f038ece9cd723dd1975ae94d884
SHA1c360a368fb8bfea4060906d3b70dc95d9d327c15
SHA256a0b531dbc75cca023d77223ba52bc8894ca6381369f1d0972160e8cf0a1914fd
SHA512f8be766a1580074034f0a64b852ed549a2db5ded3f2497754172f08241c07b6ca3560665ab24515831c69c109b9c64bf6a96d6dad4c25cee2d538c24d450bd92
-
Filesize
9KB
MD5d0a599a982f8fdfda9b7f4f15d5c4aea
SHA1000bd9b72e8bbe9f44b53ec8b9328c6fad89362d
SHA256383b05d2cfabb27dafef5b9a508854da38d6332a59c6368dd9f212743193d950
SHA512ea236d5dad938d3b4d7b33acfc8260eda30d1099f794bcad7ae1e8a035d305503c2e952bbb1eb3241b4fb771f9417b417124d0211c451d62ff5f5ec694c63ff2
-
Filesize
9KB
MD52b299470e99aca253c8c43bf9267d303
SHA167051cd84c3b4b6853476ddb08c2cca213ae43c8
SHA256ff378c6bdd1ec863bee85e38d236e934cd26facc9f67852d54e0ee8e7c1de94a
SHA512d51ade7ef8b2ec1ebea86398d6a106baf674a3d708716abc78e01157e0536223518f462285c6567902d3f8690109cc90cea2be52d5ff60180477abc34107badf
-
Filesize
12KB
MD5dc18993c3832eb61cdd9975709391a9e
SHA1a587fb65d9032f1b6d6f559ee52cd18175ed72c2
SHA2561ab8de67f7e95011169010f9309b883850c5798900cf9575d1a6b1b73313108c
SHA51219f828f791ed0e0507c1097b0d7a1877f43a2aa90d457a17d4bf13eeb65f0feed65a4641d6b56e0744aadc5c53e3431112575d748502326b270f55350bbfc9ba
-
Filesize
14KB
MD5e567b49c45942cf5ca03b225de128a34
SHA11a46e2ee0102365eb2af536d587f4978bcf37e90
SHA2568f706b31b9e8030962960aa28b1f529a4e4a2572b49af9bcd0d0347205ff8fcd
SHA51264204d68039e2179a2085892f83826c291ed42818cf82fbeba38aa34bc1bb06b214370457e61340597a1141a40ce20151300e62e864d2dfa60622cb9a3b9106e
-
Filesize
15KB
MD5b40a205417337133bee4de1e847574fd
SHA1520e248c5e5501daea0475fb5bdbf8da352a551a
SHA25658d918fd811891700f21b93d926ba8bcc08292950e89f977745ca79c6188bca0
SHA5122530dd4bc98461288cfc235b20e5f75288d4fab0b3bab970e4c5847243d6260e8dec60cd5db029287f08614bb74e64d6947fbee884940d1b85920b8c84c35ed8
-
Filesize
7KB
MD5b3619d849c068005f3c2ebb7cedcdce6
SHA18e7da97b418851a908b5d9a80f5c0f37877c011b
SHA25619131696922973fa8554fd00f5317b3ede1b37b4df69f8880eb0815abc24be27
SHA512bdddaa5e2cac7b76af1b3fe54633cd7dce27c6af040d7808d06275a14453062ff757d00c20a7fcf23640e848af0e828b08f59a83c17642f6b7b9e54556f3c6a9
-
Filesize
8KB
MD53cb973fd027166546d536407b477e36d
SHA1c34114657f31e587e5e7cb0d813a6c97bf4a9f7d
SHA2569f1ce020645d6f1aad378d1863f3a950e185e047a260ea830342485ef00cd1ff
SHA51233f7e2a35b10ac193bc274c849b708ac6ff8e71b7324b399987f37a9e8599be09a25c6b8db30a8250d0fed3e53e1ac91e6a4175ca7765e8e4ac35caaa1663637
-
Filesize
6KB
MD5c201b3e24d86e2ae756f484176827b7d
SHA10fdfe6b73a13f15d4feaa839aaca9e14d0f3081a
SHA25657cf173effd8c5e44260c4ceeaae3f27c70307dccde8b5a987c81bfab5764038
SHA512d9b742ffccfcfd0ea1ca20788b36f2532dd518900b5eec335457649476bbbf0df791a2bc88c1de604830c8da2cdaa24e8fe292f7375c1bcb37c5ddac3201fe49
-
Filesize
8KB
MD5bb8cf5323993749081b8fa599c126adf
SHA11c97c5bbc7154e05a17522b6522a115f3969c6cc
SHA25666bb5216f6a55a05513f1653b9516dc6d8e713b582cd355e025c71afc326c547
SHA512759ee5d4e6454884c0cbf22a7fe90ac5b4631fab276432c0620cace418af701909b8120f51dadcd88f3764339544ef82577d4e763c6c210391da6453af2702cd
-
Filesize
9KB
MD530926f05ce02404143bb693d910194db
SHA176946e07ed6539437fe21d7da311c3e47cf1d369
SHA256b3c66b0bff4dde90c183fedb54a33e710b349106c124cd638789c8c549ca2e9e
SHA51210181a2405300e38f915626a9a08101190baa29b9663f9c37c7d1e6791ecf81a8d505653cc5a7e0d907fea73a3892124b02d5099400cd649f22959ada7982b83
-
Filesize
9KB
MD58ce54c11be9a600482b500f656d2d467
SHA189b1f432f2f95b36653c22e6396d5316f887f170
SHA256e3575424a69eded0d4ebc681eba8d527dda090e7b75c86a836d3bea6f285682a
SHA512ea7da9dfaf066b4e079d87376586302b6835f85929bd8c12b3c2a0a959ba2d5538d718e0a3d61d75ffa238e367c229e858cf3daedac6ef7d0eec81815eb34418
-
Filesize
9KB
MD5be0754070cd305b0da47da1df265ff56
SHA1711172083d80c46103779587efcd38592300ec0a
SHA256061a67168d5d5a6b8f1b3191a0fff8fc1a9a48e1afb9480bf286c5b9702d7289
SHA5125742879ac3d5e5226a0f9d72b5448c8d4ceb3cb440f5e2c782286b0c66624b6e4e20e081e2670834b4a56f941a8c1d051215d045dc7d30a1fd164bbfb0bec87e
-
Filesize
15KB
MD52d9c3fb2087806631e4373243bb346f5
SHA179b85ebcf7adbba488fe7d4b15856a491f4b3a91
SHA256685cbd33bab4e3cc426b507ac2cba26ccabb4b614168151b2979bb85c0d9a8ce
SHA512cda79bcaabd70b86b1f75db7eda92e032abcfc04344809cd1862eccdefa18d73e7d90a7600b18127b70956bbd4d49c0274e9f3bcb4c2dcf0ea22310726620ae1
-
Filesize
9KB
MD5be84e24f5569bb9e171c08d08cb7d4ab
SHA1ccbdc9b1d02a39522c9b945fd3099c443f8f4cce
SHA256ca38b488ab528e075cf0c8043570a4734af5d2c4284a7c153f740b1f448c1cbf
SHA512baefb1da6ce7cdc0b5972ce88829beccb8e78cd46a11fd0afbafa74c8fe5adc1ac30477756d0927be4362719cc62f2333506c3bd7044a68391e3e33310625128
-
Filesize
7KB
MD5b74ddb9b415a96ebc2a476b0f99fb7bd
SHA1ccca68ef50e76955ab6d437e8bf48ad0617e0890
SHA25604a284284fe3157e6cce5af2acb783b244cf0a8f4535746a1b8568bd700a7616
SHA512e061d4915c7b5d45b2842d8e26234383248fb9557f0b5ffd3a2ae01d64b914c0ec2bdef73d866bbd01fbdc96c1adec28c5cfbbc6c23d3adc416054bc61c5e497
-
Filesize
9KB
MD5bb4c2a472eefe8728cede3af191d444c
SHA12a1f25b5f8595ddefdf1aef3cc7c0af09e3c2dcb
SHA256f9dad6a051ee94c874e2ba2e31f347449669b273e0742bfd555ef5d282612008
SHA512c8a88e9e5ee420d746dca009824b41928917859361fd5106034d8333c31c822e3d93fdcf04b4a1c10574141c9970a24323b3009672cc128d43a0787c4ae1bcdf
-
Filesize
9KB
MD52ffe51a73f481073b8b4eec6336d88fb
SHA1056725217a22f866be33f6d2d8d04907b3076246
SHA2563dd6933913b6fcdffa60f41c410184e5451f2da986d9260d1f4718e8a19af7bb
SHA512b177a43e94cf643c48006a01d09430e8de5102364a08fad3069a787a919f5321958046355a8c83d48c56f4732ea85e48c0dc6bd024f3bbdf8d30f45e3571c129
-
Filesize
9KB
MD53114cd685f7c1db75622d9b09bd0744e
SHA1dd2a31e25836dbe26bebeea1c6ad52bdb53f6762
SHA256953bc1d9af5aacfa55722c0f87a4bdcd108cee3e65160643b635e3f7b536011f
SHA512f24a98602ff0c28d16c04a6660e94bea874628c8c389a146be7c1c8f05594c482778e00de33f414c0259a633c0006f029e83faee595d6dd1d8ee733d083e851b
-
Filesize
7KB
MD5d7ef0539ccf5f0545aa328c82b272d83
SHA16d3d6a0387de71746caa63750337297ae6fd2fd3
SHA2566aee8bc3706ea3f66bef4ed224cf46237448f0a4ccae31ab038c16aafc14f0bb
SHA5123f1e03a5521bbfbfa0221049232da90338372be968007ea1d1e52ef39e284d606b7ffa198d3bc5a9cdb5a4e0012984685d97099329a7b0a0cee5ef5d5fc76cd0
-
Filesize
7KB
MD5b02493cd7e154d35fdbb4c317a9610e7
SHA1e09ada7d3f5f009dfe465b3445a5b1003a8d119e
SHA256c0b2293ef44a891f8f5c1af196a2297f8d3bfcb616b70247c0a2608e11e04f6a
SHA51237b342391e741ab611548ed413fd2c85eec96eda0ffb1679cce3ea81c67d6fe44658d5f4093029117645c6748fb9894f47f405ae41a217e8caccca3796ee8692
-
Filesize
8KB
MD56d004db6572fd3ff9b7167d1dffc0dee
SHA15dc9addeb5532110ffbc5fe66bcef4ac891f66bc
SHA25663d8b1589ce56722aa3b88434dcac829dc7a054ef9616bbdcfa85715b7cce47b
SHA512c713c1e5e7491fb1155c87106296e7737e88d34ef06044816aa2650a220c6d0c6f0c46d0a78519e234d206d61c80ff943f217260f6fde1e80937ccf69704d846
-
Filesize
9KB
MD53aa689e6a321913d35ada9d138e82164
SHA15710d5c761f8620fcdfd007c45fdb3aa4cc1694f
SHA25634c84235fdd12ffb5eccab712aaf98a56120a1b8684fde07622c3794715e1710
SHA5124d514d9f970fca6232a3ef56a1a764a8f82d7db66a1a2ec2fdc875bb9e1c579600f7082504781153657fcd871d3949a243ec1903d848175801bed9ecb0bf7d3a
-
Filesize
14KB
MD5df54d0669a9650a2a6c43d1029748633
SHA1fa30fe48958c1768818d30446cd392ac571ee44c
SHA256f34066d6b3ff6a14e735609261c8a24b0b1f4a7105a6f3e20ba33a6d7c9fc668
SHA51237db56c7c8bac6b65fc68e19c9fd462537cae508bcafacd87ff41df969712aa814c73aaa6a15eafc282837a9eb7fe490c2e314853c4ff3f8b70aadb43768398d
-
Filesize
14KB
MD5cffe52a67c7f6b829367841b0bd2e4c9
SHA174c4658c9a87fd0bb92afb7be2a069ced3d567d6
SHA256d49e33521ace0892b77d9b7c4aa7d6401e2892ddbf7050c95defe0699c38ddab
SHA51207528c4ad41305389586dd43bbca177f83b1567d3332ca400387b2854238576bd443f650493980b2259b19f990b2f26d485f842c2e3a084b946af6ee08f38f00
-
Filesize
15KB
MD50882ac238ea50ceaee6161973c17e924
SHA1e6d0f1a2dfba60a5cefd035c0ff79ec38f42fe42
SHA256aa1fe04e929e5163cc943aa9de83c97c10c341b691362c6f5634b458af0d5ff9
SHA512680dae1a3974a433c9fddae6c9f0230896de2b168e8aa79d78e560c51f81408746414008d06dd3a2c553ee07a86b7be453f6ff17da9c5cf2b2121407a1c1998c
-
Filesize
9KB
MD57fb77f6e6102410d959b49de8595d760
SHA1bee6d55c79b263c37b258ff4b6eca5e2ac191fe4
SHA256cc3b9427b0cd76e400dc2db558e88a80d5942f50c600b5546a185df272fa8405
SHA512ff3bec58e7faa90e1f11049a5a77a4eeae9a9e7587a333a661c41741a80093d5e6ed6ab34a84f43774a233836c7c4fabe2d8e9a90cdd320d50d55f8dcf0565bc
-
Filesize
8KB
MD5bf82c38e3e8560d0853ae327894a8c18
SHA1bc8c131a4a3050a43eff8837414d366cbe84850b
SHA256cab4d22ecc99c177198acb5ade39afd98da5be07983f505f279443138a575f7e
SHA512b00a55b6e856456dcd145287d0782e3d18d8c80f5294bec339c0576ebd3f289f6591db583e70f5b4d139c099dd2080b1c4f61635d59e458aee535cf3342e1445
-
Filesize
8KB
MD53027a98d2cf9249ca01266496236d233
SHA1e3ad531a805fd51ea5d3482abe48d0112d18a57c
SHA2565b71f87ad8a1148bd362b3203de4ce97b1bcb5626dd781b6a2d3ff1db8d7a258
SHA5122b13bd0033538cbe1a15e2a631881a968f5e26949a4c3b28a86539392d3108bead875d2854ddc8eea318bc1e77a3ad841a5e96056e3fed8de2e11a67cea2ad83
-
Filesize
8KB
MD5874f30ae275d935611cd70ddba3af277
SHA1ce6ef78a6924152c3b7c80dfde3afdeebfb16234
SHA256d3187f4632eef559d01da4b2de6d151da5729605c4dc5d35dbaec461f6ec6d49
SHA51244621fe5160ede240f715d35fd7f567e4550d080c14a5384ddd3719e879f29c39c7d25a318fb54274c2108d6a8902b2f8ed6c11199120fb561eb2dace6992ce9
-
Filesize
9KB
MD5d68f77aa1d9aba42851c23b3baafeb13
SHA1396a80f3c60b147fd8e835a77997f5106cbb9618
SHA256a13ec35cff9d4926717e681e1715bbad8e09646f07eea006d17907b0ba3679b1
SHA512b0a2730c79da8c85cb914224fd205baff9c7acde6588d76113014a98b00c89fbc842362577c1a119a81507bac9fa0f621727b23598ce8f5766ce0cbd4de229be
-
Filesize
9KB
MD5b6b9b72fb408f707192c70fbccf77188
SHA15dcf4d64f2d130178fc69d29a2912e2ee72f84a7
SHA2567678bece8acc62eaaf112345715842d65e8de745a05293653322374947973a9a
SHA5120db26a81cf5d1f53180585f808d15371bffb4161200f62f7b5638d46d385c20271ebfd3c593921934aa77ac2c406996c97bff1d1d520ec264769c59e2d09f81c
-
Filesize
7KB
MD5c4ea3a6fa442bfc060444554d093cd8a
SHA1664ef375b92ebed350a83f6d82d0ddf7c9264d36
SHA256e97ffc2943cbc674e50a9397797a4cb48a1468eb41c07a07c362b231e80ce685
SHA5120c8556e84afd26787cddf58ce0681279d710c44dfd07a55ac80bbd51cdccf0f1b33b5553874e4d6f028f9bcfbced01bfac2828fbef2c464b7fdd7486ec28201e
-
Filesize
8KB
MD5489cd67ec6b574fdef4038c1452773e8
SHA162a41dcf7a4122c9b44455968cad5938a8cb8c6d
SHA2567bab58c02414ed5538db159bdf4d424eb417617083770c99862b947ece0be415
SHA5121eadb41c31e897c7b3f5f9520423e65c53d82d42bcbce7be3411a493103a38a2d4c479f09d0edd1878c60a8263d79190e33206e0e6db87073ed79420e1a98587
-
Filesize
9KB
MD5aee5f5cbc102d117b4deccbdcc5b26c2
SHA1c2eab422a3a8c69c48dff6db1534b63288c51b62
SHA256d11308fcaa17572aadcccf943ec8427715dc5f72ff90669b9e639b4b1e6ca897
SHA5121a97988ae256bcf69809421d4bb9f676a6e763161aca67c66a43d85943f71259ed98d108a122d282423f9760d052fccbbf62c8a68b075893fb927b06a1267092
-
Filesize
14KB
MD5b427fc2ffb5d3c673dffc225bdfd583b
SHA16dfcddceba2f4c6ea4c3ff922a0b64b828bc7a92
SHA25677e0002b465c91747ead522f60bd5b323f1298d6d7cbc13ab8070e4ec5b28a2f
SHA51201f0bd50141bf7a95850e5d0d568c4493eb01ca4e1c16759f0f00a53759661e4dea9286da56402c3337cd40d4f07b797eb66e477188be2b3a483394f08fc9163
-
Filesize
8KB
MD57de1900fdddcb409841240afa8a05c53
SHA1920f16a023ebcc2123abc7b22cbd93ad627759ad
SHA2568c0e9d80712e9afafe71115801cf0d5ae39b008cac6f87189329fbd2cc2c7bd9
SHA512d21444018f5a0cb13b78763480e54687668d01930eaf4e037285ad8e6f1a113d7f82d2193d6aa853918271c45560d06afaf4bb8a5ab590056cb24bad9f223b6c
-
Filesize
9KB
MD5ba0f95b7ce6427868ab31c0c65f06c70
SHA1075cf8542e5dad1ee725a456ee5690cbacbd0dbd
SHA2560f03f815a88ac5ceed7e80ff4fc3143bb0f923f06ec04006ac5a76cfa6431f48
SHA512062a9a5c5cb20da7387b64c19ddc3db77574b0eceec2ff696e4eb62f5639ff7884675656b2e102f4c6a6b4c15f4c90e42b0ca74056104fbb6a708997472584cc
-
Filesize
9KB
MD5405647088f9e7814d6d0eda3af0f2aa3
SHA19d0c047cf5863e156ac9cc61a22ebd4eb700d93f
SHA25614b618d9c543dc32445f93ba75bd4d04602dfe0aa937217d236b16b81ee64bc3
SHA5122c5378b3f7c619332b2126cfe0379cd0fd83fad33ff036c03c8bac3dfccfe04729b4d89aa805f3c7780b548c3fe54fb29f9ef30fff3e0ebf8e5498cb532efe1c
-
Filesize
9KB
MD52944dd6759a14f078e370e36a4b46d42
SHA159614d2b73efd32ac04ced6916b38330b8c0a046
SHA2560c66db6b718141622a7f788f2edb79302443f08d4c74bc62712e9edc9d6842a7
SHA5124bd4c769e85c11aa76b4eba62a14dce4af8a525aaee6198e8d292a73dc2d08c1aed0d261877fab52943b35c19e01bc297fe5bfc585a012e63564a56e015e4f88
-
Filesize
15KB
MD5b76ed8ef50d3f52a01fcc598d9d650b6
SHA1bf747a4d23236dd836d389b5cdd3aed625808fa2
SHA256b4bb444b0e92893e5fa0bc664c89a2ff603b36e989c8a0bb4a9581f7fc9b0647
SHA512e2df276d63385629f89591bfe9db8c7fcb4716b326d5fb871baf4cfc436f8b50890536180b9d5840471f25e506852fdb5a1fb27bbb8dadffd269e89150cdeb5e
-
Filesize
14KB
MD5bfb063db4c97752ae4e8e597f7d8786c
SHA184c64811f645f070bb72350368a7a3de83799231
SHA256fedae177843071480b0d6c29475c34af737d112190435c40b79c7166db054c53
SHA51202e700c7a9ebd9f9a8542f61d51993e05a778097f89e1598703c646162ced279f5b56a59d71ba9f8209cec4b4a8ca6e1c0ece3adb469b18a6e70f5ba6c4c0d4b
-
Filesize
15KB
MD5d2b031fcc9632900b3291e15def41f65
SHA1d939753bea993895dc4829086b1ca30d1807c3af
SHA2566924727e6cf1de8c909782f55f10269c1648d93af6494ec00e806ac856206572
SHA512418157243897fad22eb90ef201c05a0ed3dfcc12d3e3d7c99b678b3609884e1906954a615551c0e06ee996c5f0c43870ea8f294cd7263876d386233b33bcbcae
-
Filesize
8KB
MD5c9f945463b428cdc2d2b69eb01e6eadc
SHA1c39218588379f509d3535e791a10dcbe7ee381c6
SHA25685e45bce727bd9f961fb3b4d3196d92f7bcd5c4f511c6582f4cf85d30de81031
SHA512f43bae929a28a3c6e9eb00ea1f98a1e84ffb9c672cbadd0e840159e9a9aa41213d1e1e239611b6d07f94074391f95a17b154ed0cf0208378515762499e9081fe
-
Filesize
8KB
MD52c0cf0d8b8e10945a45fa3d31be7480f
SHA18ac334fbd9bb78b265627b3e183a593ae2a38a66
SHA25646f44a1264f18d02ec9c5f72ae53660103602809392405d7b69f45a2ed2f8955
SHA512f0e9b7274aa890e0aa52ef74e9efe7319faaef621be2bfef44a6d4041b49104c4abd4c88a2418efda709d0b78fa7c57b6f2143c2bce95e41ba93dc9f9b6cfed7
-
Filesize
9KB
MD5bcfafb704755ec86cc0a86f7caaf5282
SHA18d3f9df6a9048d709c0b2e0655b69407e84d9281
SHA25603761c643569fab0a6f232af19cba8621386889af96a5494101b44ba8eac1488
SHA512ea1309d37b9b6a7c31f50cc45c7b969aa4f4b679ac3b29b26b483fb5a4e20c531baf615a0c154a899e1641f9703929c22e251fc3c790782baa6b27ba071e6a96
-
Filesize
9KB
MD5f1ea59c0fac2c2d20048f814a63f3062
SHA1db95ef911e218e60d565c2d99f34dc3956781328
SHA256c4daf7b0ec52d544ade61cd4479d404ede967d38aa0eb4618c2ce33134bf604a
SHA51297f1678b485b0ea9807164a11860f2bb6886a0c6f7e3c8cfcaa9b4aef1a6be458d3cc248d6ff4d8475c4f382b7d79b7925ffe0cd370a7f80436857bea09b7acf
-
Filesize
9KB
MD5c3eda75dfed12588deccd0d0e7c69ef9
SHA1f1a4ce7cccded4ce3149d53ea158d6a98a845fa1
SHA2560ec6507a261d65f1c13ea0e781d570130be9d7d1ec266a9b52ef0ec80ac1121c
SHA512e731823d44c5f76a586edba1c6c8433132a3d066ac2837b3d182f47024fbc2effe2905dd0836b0587bb5317b259e210a495792ec00694bae240e75e6277d7c8f
-
Filesize
16KB
MD5776dcce46305da00c39df10f9e5b584a
SHA11ff74c87620d10b131888bb8583a7f1be8733b60
SHA2568363788b75e5039640b470e1cec092808d25c364af9c23769e461924368de929
SHA512e36bc13456f63cce89f5b6a3b7ace9eb3cb06d05b5d45ad41e5dd3a3a09d27a308ababddb146c3908ead35ddf1bf5f310bf32713359b393db2be4cc39dd6c900
-
Filesize
8KB
MD5c34addcee824321ee316c858b7658125
SHA101dedd2a59052b5306e2dd256797f51b3b03e426
SHA25626331508cf33b904b09788f75eaf5c6002d93c4067067bd18c691fb7cb995ccd
SHA512ebb01632d77ed316458296402596f21c6691bf408c215d2545112af6c72bf2545d9a441f8f7b9ff469793370d8c43ec141c6c22b5646a0d2a563da690f177967
-
Filesize
15KB
MD513d07908698f556f487eee78183cb329
SHA1fe194ce98bbf037f9fdc89cdfbc9f8e28af3ae6c
SHA256d858e6514decd9852d5c9b1997732debdad15257953ef219778c6d5df4ebe234
SHA5120554ce2e272f7be1106561787b2168faa589d82eafd31986ad0998e470e102ba159584c2d2689af5949a57480027aa209b225094119ba010afcde387fe9d8f40
-
Filesize
9KB
MD56e67eb80e9e2ef1cd99ff9e92f40f2f5
SHA123725ff0d823cf8dedee48e030652eb6ae8fe079
SHA2567e899ea84282cf60edd996f99be52a70a6218f148c214676a37dec1a976f0af4
SHA5122786915df56bec68824ab1044ce2f1c863f2f46531324b347d7cfb45f5ecf6ba70a40384d3081b00392999c8a6bf362e742c742b1e416ec92800f9c0b5314001
-
Filesize
16KB
MD557d73b00894c000b9522d4f5db1deb73
SHA12658e741a3cb4105dd1509ff901bb329877dfa39
SHA2564ceba404890c1be54c152c471495c49187cf902b8144e481be1f5cb497469a1d
SHA512356543ad9528df1b62843cb51b39ab9b1e38b332f002fd1df7bd1a36d7bed3a59895815529e2a0a29006ee1f3606a25358d5039f870562242a29d2dcb4d8567a
-
Filesize
9KB
MD56fbf76a3eb3c136ce259fdff9b1fa45f
SHA10f564635a53a21ca24d7fe39c465f2067ef4b6ad
SHA25611d4ca9f952ac52bcb24b4e1abf34f074c398019805371210f813f8832d1395d
SHA5121b310f27338b1591384280e4e7ef88f3c72911a00ea64464e8201c7f3a9be2cdf133d1da4455df7e94f84e8e04a9c455389cff722a71732134fb1b93e5dc0ab8
-
Filesize
15KB
MD555b26c7db072ff39fb3d836e3425779f
SHA1cfc6e0b5348a53f34115f56fa8f041efbb03e934
SHA25606a7f91c71d51c9beedd85a078e0601213c79c76bc553fc09b6d9ee3db3762bb
SHA512793fb6fed0d5c61b97b39d2a6d9c427141963657523a1f88fde260a9e5b5078bc38898edc4cd710ecc0ee42b38eb8e5845c187492040cc72ace3c913a8d26fcd
-
Filesize
8KB
MD545b973685c247879571f627893086ec5
SHA10dae71c12d167c9ebd53083eb386eba66ce8f5c5
SHA2563a9867f9e01a30a5e7fd1ee4a3e6f71395be81d9f7b5f51e69fdd2d99299d6a6
SHA512c8b5bb294aa7231aa875c9b42f98a1ad258e77e8e426842efaeaaef02b6a6023171adf585f63df60f8e6000f70c6b549c5e7b1f36858020c9d5d2b1fb834889b
-
Filesize
9KB
MD56c3cab6c80c0072e641593b33750317f
SHA1576aabaae616c59732aebda11cd88f5204d34f4c
SHA256877077fb731de949dd5a5fd0c5952dc82ca75892697665286a86c1052ee90f37
SHA512a3604f92b54958e070562b8da08f990d739fe999aea3668ce0cd0179dc1edc4fb39f0d3c2566e979ca09f43f9d59064c748397bdb288784f4311803fcd96dbef
-
Filesize
16KB
MD5e7a313641d805d3a75631ed8f2dd85ea
SHA15da3b453c13575da93c5a58dc265bd3b4b7e1668
SHA256e19b780dcfcc50872492be2e7dd20f6c3b4fb7f4668f799c008834c6e98fde3d
SHA51220867c08dc31d804b46e23dfc511e3d9419394a1cbb238afafd6ade33ba03e105635e0b832a8276203a20a8ad49f4aac5b797d571a40d7de4729e789f49c3518
-
Filesize
15KB
MD5249da74d97a54427b5e84b71b7ad0059
SHA10ff43be82697776c6112bfcc55c1f236a6464978
SHA2564ed64acb3fa863e32b0ae50333600a4e61ac75558026662e60fb045b39ee1e97
SHA51298fbb8e14875ef864c1f005e8f557bf8923640ed815a3528dd5f5e48008f9043e37eacbfb76dce228bb908f2ba8a6f85786831a11b3169182d0902b38d948f3b
-
Filesize
15KB
MD54e7b29e905e00f858cedc6f8ccee46e0
SHA1d94d1f4f5e24750252ea9b14a38373404ce2efaa
SHA2567a3d1da1dfb7e0609d4557835db17db84d527b71d698c4ce3014ebc6990d60a2
SHA512c35dfcb768f0e19d577226e9e84f8ca980eb1a6775df89b7d0bc4286b15f8b88333942ef55e2fc88d1bc46427e572776da076252eb333f776d4e9361a0230200
-
Filesize
14KB
MD595b952635f06610e4c11e85090054619
SHA110463a65271cd6d2d86aaeb8d471a08537a15b84
SHA2567e69108d6d0ab7224445642123ef2aeb2fb2a899ab2d5a66f16251d17ec4ff9d
SHA512d8d6e5646772a854a129e05d68ab921e4798a686697a8a26d0dc7f29d11819446470d5c6ace487cb26eca8d7404c52556973ee111be20aa51067c2c9fa2ab954
-
Filesize
14KB
MD5052cde90c7352f12e1e58800edbb9999
SHA1217312b3b845e09e2ed0e097e09eda44bdca6b96
SHA256decb5ac3f57a1ac26af94af62347cdbcdf297345cb0413740b2385b7a13892fd
SHA512298708c263464414146a9789cb6dd904db73cff66f127683ad379343b5fde96f2ce8ea5dba0e3350b1b9323b67cef1882b8dc315f1fc5b3108a5656d148c1456
-
Filesize
9KB
MD51343d5fd873904d6966149111c0fca11
SHA14627f22645d692b2583fb53b99e8e211a06011e5
SHA256ec0983f70bfbab51d1fea8a1c3ac60c9da56da1f2d79d508f28c2ac69dffdc5b
SHA512947609ef5586c441fab50c7cf159e58d1e5daaf45f9628a5d5b7dd64129f998b6b3f90e0334fb269e04c973f6d1c65b35530a4a83c15b0b2eba54f5d70c66484
-
Filesize
16KB
MD5bc851342c7f7b8d49971f354adad1b39
SHA1e43fc5c375a3b1a7d727ff30fcc94140ee280dd5
SHA256583156fa7a06487e70d8e57f5bc19a693ad6794063ccaf5a9c1bdea042ef4465
SHA512ab1d4acfaf848939903820d6a6ea46043016acae28df160cb6a5bf6178f501a535de74a7c517724b64f36d211e0ab228444ff58cc2d40a14c804393e102fbe51
-
Filesize
14KB
MD534c58f5017ee36194a0bc6ddb506edd8
SHA13b4516e61784ff97cc180fdd58ea34447516dfdc
SHA256580f6fe2cd14047cedd1be005610778f5bd366e313e0068d88cc34d3ef29741b
SHA512fd5a5df08823c3b5f539da8eb2c77b36e1a9973643a489a275c80d3f1e09710a943edd9bcab3778832563d5e1a06ca1bd6d62138228d421bfe9f6af0bf131e45
-
Filesize
15KB
MD51da3740739df1c153b0989fd972f1432
SHA10381a951256c36199fb10ed10c80e410e3a5f0f8
SHA2565d2f46a0fc4d589284144bb987746361b2fc12dfe879e4a9fe33f1dc403a7fbb
SHA5126c75d9500263649487d26fd8284882498caa6c67bda3df8c87a1a3edd555fc1ac18d26071437a982fb8caa68bb7766339a95ef7956039f12d1fa951ff7783df9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
MD5cc345860844b580b6d4ad5fdb5e8ae53
SHA1dce7c4bd1bc774685eb81315e6a04948e5335a87
SHA256173e362db30883bfdd65985c6c75ad78e904e88665cdf5fc573d6aeff9cad83a
SHA512a90926e507743ff1cb0f8c21a63e353ee7737c99fb5a182599ddb6303a8803467bebfdda809e4d7e65535fb1c5e3354cfa0681d74ce39a0cd4435528c0388aaf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize26B
MD52892eee3e20e19a9ba77be6913508a54
SHA17c4ef82faa28393c739c517d706ac6919a8ffc49
SHA2564f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
MD57721f39183a6e0c5f7dbfae798ab6855
SHA170c50de30e8af19624b45aed1cb3c040524a384c
SHA25699415b19cfcd584a2311802e962a7c59d6743ddba020e03fef5c7ee2ae7bfd23
SHA5121fe9681ea5bfb992bf1306e37057136ae2d43b0d43682983e24e4bc5ef6c84367659c78f7fd1a3df275262699b65a629e19dcd3b18bb0e7eb6acf59182f2257d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\0aa4377c-4933-4b6a-bc40-21183f40a8a9\index-dir\the-real-index
Filesize144B
MD5334ed9a251991e09f428370426d17a80
SHA1adf0e579551141f604f01d1aca661a484075def6
SHA2562b90da7d3e101e7e6eddb50b51035c2c9813692ee940756178984fec19a62e8f
SHA512724d9cb49fcaa06fd2bf123aab0bf2847a9a65de9dba03dbf5fc52552b139eb65b63294556e7c13f4755816bcc42eddc50ec8b71b6e232cb6b7b9afbc68f9548
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\0aa4377c-4933-4b6a-bc40-21183f40a8a9\index-dir\the-real-index~RFe6896bf.TMP
Filesize48B
MD5fe5c974f09ed1806197107d15f081c42
SHA1e1427bbe2f0f188f5f1c4e238de8ba98fd1bf6f2
SHA2567d77037157203e2e721f80c47b10e8c17696633dbfcb543f702deb25b78fd54c
SHA5126a66d43bf8416290bf32ae21b11d5a7be0b1bd102e71b0264ac76a6b723385d88ba66dd48d30ac33dccaf4776984e1e7028fd3b437ac8b2bcc0ce3661ce83ba1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\c1ae4240-7dfb-454b-ba01-1436459735df\index-dir\the-real-index
Filesize624B
MD55c46f97c27a2538e252ceb2dc8ba31df
SHA18fc7705ca49bb40cfaf5c7ee16ea55b253b968e4
SHA256e6ba274394f0ab8da161a20f0fa197abe1b181d3e8e6b01c0597037873934d09
SHA512c29e4b7a4a41b3b758560a9d9a5c69025ce94f4611ece4540c706343bb9ee9f37352425f7976b5042c4b8a6d825f60da1d3b19bac806f9bd22d740c56db27a47
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\c1ae4240-7dfb-454b-ba01-1436459735df\index-dir\the-real-index~RFe68ca91.TMP
Filesize48B
MD5b80c35e971c422ed71655c13344c6349
SHA1908e41af30c754668461b116386408d4b252f260
SHA25660cbf770087fa135a07d3c3029a7c7f6fcc7b833dea10645d61134d1dbbfd542
SHA512e1cf8349b795430d3d8587a0882b8b67bac6f709da33688ffa78393fdd4300bc15020f3b876d72e7ed3dea68c89647e878e894edbdcfb3aa26ad1572903aafd3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\d378c0d7-a4a6-4b60-bd42-66857643b1a8\index-dir\the-real-index
Filesize72B
MD56c7a5242838d01b720bc9b5d33d57db5
SHA1659e8dc6ad8151efb1d73661310555b25a8d9f5c
SHA256258de649a082b36bc60e75b4f430a9a09dad7f3782b9f0f8363e12b31d981fe1
SHA512c7715bf57ef2662ffa8c0f0af6e839b05a70bc2e896e9a8e409d9c2f46a794c5ae14eaf65b4a951094cf622df86be821ab1b8696a2e6e6816b0328c7be3305bc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\d378c0d7-a4a6-4b60-bd42-66857643b1a8\index-dir\the-real-index~RFe68974c.TMP
Filesize48B
MD5b5a32991d1efaa50bca16b26b207149d
SHA1bddfcf49b1ff35d22947072840f074444a9106a8
SHA25679e0ae428be4f8f9de2a0ee0a99c53dc08eb28007f2f2cbc3cbb2be4980e3554
SHA512ddea94c71e8c09f11616d90033aad90e2e42bad2152d9ec1b5db234a6c848027c398c6a370169cc2f593810ed5b42d2108d0b812858f099560273f01c1c33e53
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\df9f62d5-b887-4191-9fa8-c14cf9507962\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\df9f62d5-b887-4191-9fa8-c14cf9507962\index-dir\the-real-index
Filesize1KB
MD5d8e6b5d8986769ab3c7e1e79b5291bbd
SHA100661b207c347392a203bbeb04b7828f80cbc59c
SHA256c32991ca59c3d39a9ae96136571b90e5b9c7fff75dff7fca88f410ec0d8b42c6
SHA512775aa760ea40b5c6285b0b3564ef7a00bebe5eee1ecf03d206f9430e2e1de00668d6d32c2278857a18678bdca072f1deb1f1686c630cbb12a0b77333d0cb8781
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\df9f62d5-b887-4191-9fa8-c14cf9507962\index-dir\the-real-index~RFe66866d.TMP
Filesize48B
MD57a279ae3639a823e02c83a7c2de64723
SHA1f013af76d7715102b636aee0d81f7f888bf71d69
SHA256355db7aaaca282c3c58bdf10300a49d62fd28e628629d0150e336a5361768440
SHA51283b8fc966e7ff2f4a8c897303c31e8edaf16f738218cb815eebcf93a2e8e814520ddf502d43287ad33978bd297d881f06dfdc7c6187cbe4b3970ca4ce1fa1b0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize240B
MD504643b5089e7192d433a33e8ffa905e3
SHA194bafeebe668fd4aa72b6d33e01bdc46c4100ccc
SHA256023867707b6ff82ac6f48c95944ed0440f395548cae2a4825644e88990e40ecb
SHA512752bc3185087324a6db7076446f5a8b20a1b2af3dda15a8eec69fdd4a1ee7f29aa2c2af46ba609fb252e151546695a3345d58441fa3d4ad27ffbcce714f3948d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize307B
MD59382c80055d4593624ffc789bc6e4ee9
SHA154c908bcdbfd584fb5a1ddd5f46fe833c59d645e
SHA2566acc9fab8f3eb014ae7e3bc2960e53c8463ea85cf7b6a5f4e1b88b812c1cf225
SHA512439b8775e094e8504efb5cfcbfd9d02c698b629a0597b6d45c3822246ff95252d0227e62ea8b2f114d8af83147926c1b275bb73b13a68b3932807e038c61aee8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize176B
MD53649a4e43d31e0f28ca4e9a6202caaf7
SHA1e1c309d55d8ab71c80704df73839cf066a03f123
SHA2562dfc3daced64cc11eb165e5dd66662b0433c8174a62dc3697b2a927ce6945802
SHA5125189bc334dd573a0e0891f97c3068fa1e9ded02558148ca67714578df6728ee0587d1e4029bc53b0bdc536dff798b79a27862d6100c5f5514e6c5f5e3be43471
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize302B
MD59971a43123627050980e4a5079f8b65d
SHA1e19fc52e62c3649817d0737e23a887bac77fd871
SHA2564dd547c6071889c544a0a86cba0d2850ced1eb7c9dd4bad9caf968d7de333765
SHA5125446421a77676b583168ed6ef758b0bdd04df6e793b580dde8e135b3b98d18bd72cb6f028455de7bd6cf86faac7ec9729e733838df14f77fb944859988a02d5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize115B
MD5a3be13d05a10ec79d567688f37c99caa
SHA1118d148245249378e986818fe3e38771d799e4ec
SHA256255f674e1724a936636b12bc977acc9ae27d758d291e332e0b8168df8eda061b
SHA5123b9ce531a7602435a86bdd0655662626bf0e7dd01075bee0486b0bda86bbf09eda901180801e74d5607ccc42e1a53bb40118ef009f6933af69bf7b84861e3f48
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe66866d.TMP
Filesize119B
MD57333304e123164c545b96588c27d1f00
SHA132e692f29841c7bc7d392dbd1ae7bb378c31220a
SHA2561484b9bc81c5f35e3681d1a5d297cb62c985420c30e4883835ca3fa30c706d53
SHA51258276ad783ca38a665d9235d20f87f7c32801486d1bce65b2221c374b58ef9eda852ab1ac5cf3dc94da6547de1bea2eb596b655abceee03d6544a603e2d87fda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5246b57d9b14b3f747f101760d8f2d995
SHA10dcb00eeb2fffd6c18efa313b33d5bcb4fa6c1e6
SHA2565c6a0f8bfc8cd64418687882408890b81732109bdbd427df598231b72ae04057
SHA5123c0bb50425c6596f13da38f63acbdc2e559f258ff0967a87d491ee102d65c1514d39b400cf56c1668b0ef40f6dffc10f643f727070de5b6ecde643a6c2a7a704
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe666a79.TMP
Filesize48B
MD5424fbd8cb2d5cd4b9ec2fc21b282d7a1
SHA1867e7f758bc359d2dea592cac4e5524d2ee57146
SHA2563f9f16e94f6b358de49dbedf4fa59f20d3d4ea1925fff2c4d6a9ebb7c71dac49
SHA51268ba1d27bb827e0cb0ff1a3869b90bfb90f1f2533ad21cc344ec81e39d9b5632a8f29eac6e5222d87c6dc8d92fef86df8ddf9a4f8afb076eb89b3e62bd1a7bf7
-
Filesize
1KB
MD5b762f6da7402a6c9e07f705481b650ca
SHA19d3d258fbd3245b1e0331466cd9f0d54e6097f21
SHA256cf609b2c94bc6caf1d52398d6feaf819c30e202142d3a124c859bb78d04b8b89
SHA512cb148e50d1f782f1710ed20bdbf2c25b5c3d8fe9586e53a6cec66fa7fda1d21ab94d8fbf44ceb1f3415f2ae5654102b25512284b96c35e9510e5a434085ff8ab
-
Filesize
1KB
MD51c307332d33b0053ebd0566b8aa82bd6
SHA1a5f78bd7d41e72592743f81e06c4127ce9cba3d4
SHA256e53b4e83b02701fc4ee62efc3dfa5639445478c298a14810e2449d494b5abb55
SHA512b51c10a74dc5debd2ff6037e8397350468127066f74f406a060f74719386ecc0eaab5420e09291442be801941f30fe8cd4843f16dc2c5174c328b2c6c8f5b920
-
Filesize
1KB
MD560c8b6f46acc1a4bf23d5b6cf3dacf52
SHA1e0fa9f8e22bb7642c9737cd3090b233ca182e5d1
SHA256101aefa2b36061f0bc0ce81aee12bd77bc425c2a8824bb23f4973499bd3f18e2
SHA5122361caa90f540e596df4496620288bd067b3c28a228c56caf15570e75a49b752ece3bebdab84f46f25c1f76cd9d702d126ca938f7292ddad1081c7ca58cdcae2
-
Filesize
7KB
MD58ebd3c884307b934c57e3469cfbd0fef
SHA188b183c2a063d6ad8d339f80c101aef5e9b69602
SHA256e94042827ee56f41cb3654d8a0d21d0dddc705a46ffe18b3a52bc4030efd6e44
SHA5128ad718ba3d425cf8c1a53c2d60342e97bae3d797427e164c71de53f99d445d9bf468ce00c8782b2368718ff039f760ec79ae5b671262393978038f54346f76ab
-
Filesize
2KB
MD555d7bd96d18d1f82671787778855909a
SHA1723d9fd218bd1500cd4fb0062496dae98da61acd
SHA25655455c03663e276c4ba2df19441e7e97834396063f1505ba2c510e615d528346
SHA51240bef9feb0431235d446b35e05b5cffe9ca0c7a6a5c78ec90727fd57f2e705497af5d86204da6fb869ba1878732a4c037aa9080a8a4a9dbdc9c23b70e717be2d
-
Filesize
7KB
MD51e8768494515da3b0c24e65c48e8b020
SHA150adc567610460b40a72692575385abefd60dfe9
SHA256663195c2b30e04eba9e4ab68b90683b30015e2408439d0bd6d84c065e222ea8c
SHA5121494bc97305298fb144e158ea6b81a1c62a84496b6fc0a4e24cb9e15a828bad70b2e6341248b279f0685a150fe597157f4c4efb38b99b14f2e9d65fe235d0b37
-
Filesize
1KB
MD5dbb87ca462224fd27159102f2cd8fc31
SHA1f0d80bdced1d39931536958fa98891042d95f47c
SHA2565d7959d4096f97cc04b99a7f4fd17640318f920e65b7715ad0677a8ff8a5817f
SHA512d157bf29d6120231738b4168463fc79c8e775fce1aaeeb07a84bbd33a1a6a67ef3dd748b943230ff5dfec382a6a0c3ccf0eea168b8add16b487b1b36166c24b1
-
Filesize
1KB
MD57b8a687757aec49c679575326ea9f810
SHA19cbfac66c8b28bcac1f41f85980833f95d0a2bbb
SHA2560870019e214204c18b563d1708e6b5d1e054ef683cb8c97884509ac0d3d7a3c2
SHA51259e3b0c7b93241d57d6d0d1d4918a9488dc3ddbb1b6d8beae6fe7435450f9321d9d77da28f963084a8add557fce30d973570fe0820f01cfe90ade4d533147b38
-
Filesize
2KB
MD543b42084dad8e0af527b3fdcfcc73168
SHA1089b3096d740bd1005400805c87dcf4b01ef6fc4
SHA256eef953369a0fd5e3fc51911aa1042af4d69f6b94f4663ae51968ceaadeecb647
SHA5125a82b4560732f90e62c6d8e4df61a28acf3030205db4b15b984a5022817cbbbfcea146cd06ce8f2150ef54b7a81a16548ebd61591a5b5b26b9491deb55b13f8c
-
Filesize
2KB
MD5ebce059d235e0242e1784a43667fc343
SHA1cab9ac234e8093a4b42c806d5deb19620a6db030
SHA2563acbce9fa3a402ecbf7bf21362425b32bcd26b7646bcf8143f9ce2c0ae1f15bf
SHA512ba4b484fbe7995dd4e5f8e462473c4ab719fb813a297676d557ed2b685251a667576f938dfd5cdc0d59c09825d9dc0557827c5d11c43891e6bb9fa76cdeabef7
-
Filesize
6KB
MD5eaa0648db1cb4ec0ad8efd432f9e1570
SHA1b1af4c4c7e7676ebc20248007335bd41d286407a
SHA25660643735110215e1812b13c543d00fa43ab65eb8d9f01648639a41070a4cd05e
SHA512c4e0736abf47ace209b60f18e2340201461f7c3c8640721bf9a45c9039b080f6b02c15bd9d0642cad8c2495c51bc27686a927b9bd9d264b8a7ceb1f42cfd0e15
-
Filesize
2KB
MD53304c12fa834e65352f49939ac45b112
SHA14fc9c5d254d92b69bd1e1bb19bf0aafd8379e2b2
SHA2569e91ee92b274476ce0c347d8c39a55060d944b792e98f33aad1ff3a514534138
SHA51203d9dfee398ad7442264e18010b4fd751d823321b38586b061b636215dbfff43cdb6c77a9013466346f77563a097a49298750e9af6c403712a8cdcd223347a67
-
Filesize
4KB
MD5e12ddee19d19c865be01e3a56e5a3617
SHA1cd3c382e507957b927d74e87b6214be276ab1ac4
SHA256840f494c93ce9dfc67081d5c8284b6d57e264974d6d80bcb52bad48b9e31b8ae
SHA5120c10443d06520e6909e5d759c54daadc020403623890ae7b592e8c674bbad370d838b64fddeba280e9412ca97ecd2d163165115c8dfddaef4b715c713965f2fc
-
Filesize
7KB
MD5266a49923267a9a44325c17a05a614d8
SHA1c917cee22fcbacbe9f55ea2a5e037f8005651a88
SHA256af85a146b3cd53151b3e07b2f19e06e9a7c5a56caa2a223dcb63a68d7db60b39
SHA5120a4e1ad8fdd2cfd7774c6608978bc2aae8105d9070498e711d7608974efbfc7f946fa86cb2bc1df291056c3cfd4ce4af2b26e9597ae94c8977f7052a758f8795
-
Filesize
7KB
MD57080341beba1073e0b9c8487238a9d4d
SHA13d914957603f2edd8bc8c709078684ccc6573702
SHA2565deb3e801dcfda26ecc45c67dfd87d95be35f8df63a14e2607171087362980e9
SHA5121a97d7feef6c67d005c9d5e5af5259643b257737c592538dedb00dc8de21119ffb8517f9a5d9620de7d250d4ce677e214936c4ece66f213eb65310cbeb6b36ab
-
Filesize
7KB
MD5d32d20caff3275cd395456efe278cbf2
SHA1066bb85b0dda6b56d7501b45c8189a80ef3aeb06
SHA2561c2a9363151ccc94ca2bff097ab9f832f442d9abaf6d99148c738299de917af5
SHA5125edd4de7893aaf6986c116bff96b2afb1e3d3e56a8d53efe054f5c63d7b17ce8d11cb4f812b66fd41bcdb13d077441d31ef42fc6694ca3ca562fa9bdbd20a2c4
-
Filesize
7KB
MD5c09d637a924a9d5e5f93ce4e1bacfbaa
SHA1a471365d2f5297ba03eaa404e3a519513e8c4517
SHA2567f30cf331aefb43b624a7b75c9566d7d9ab781c2cb504ecd8e02fb9c8e0833b6
SHA512d8270d62ac641f038e44dd15d66f849192558124de91c7639e270c4c881003c404b6a3d8eada11809affad00d677dff9222c249f4df79f692466133ac6fa1c43
-
Filesize
873B
MD5ec32b44725c65364f3b9a2edd0f17d0d
SHA1f4f34afd59037a9d147ba527229c6e3108ccbb5a
SHA25643e60cc64b9bb10eb7c51a5adf39afd6ce9f2b5d9ddad304ea5ab2e1053cf19b
SHA512accfa0299e2d68e8457882524ac77d8b3d9ad9ce8a9f5622e8cadd3144df0fa08785fae55a17168fd3ca909a13a83f0b6cab653baa6770e48f9d579c237754ad
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db4611bb-fecf-4d5b-a18e-c27b6f8be37d.tmp
Filesize8KB
MD5c49e405633038199a2c932ba0b8a3330
SHA158c036c0d71bb623218661ddf91eb8fd412e0c88
SHA256477d1c61f29f84f0f7e9edd0a0ac1f64f32b2781886cba3dac254dcc7c9956b1
SHA5124403549b4accd49ff140a680401cc19e4868f6d5370bcf8774986c0b179516d17703899c823064d48e74af53fce60649bb7b46cc42f43d9a3c2c267f67859e67
-
Filesize
11KB
MD5a2641ae020c7e3e33ec1fcbab5a00a93
SHA1269cae1c47d6f12f673c46d7842b7715db1f82e5
SHA2565d6af8d571f6dac5efcecd58ec1a20eb860b31d912dcb6aa82ba9eddbf4f4bcf
SHA512e037915cc0d1a0aab82271ce5ec36c7c17554627f54247fcba696e0e05f1e9f20503d80c106bba03a5b2fe632d02f3e1c55cd81c0796b470ae93a7089e06740c
-
Filesize
12KB
MD5c38762905a8bc0de8f6f5bc85f7a0c98
SHA1f6e342df6ab1e5998d7ed897b751d216542a9acf
SHA2569a18fecaba8042a5e6ba521ecccc3295465649c1a391ab26df62c36e1667a7b9
SHA512c3b8f6ae2bd518fc3cc06ccd9666d57ef5755e6505621ecf4504e5f3092350b1e1b9036812d9a868e752b49c63614d371a643015f0d9424c2e08aff1693ddfc4
-
Filesize
12KB
MD5177694993e9ee770847e102241eb3741
SHA1c7f390cc086013d66343652ad672212124dfe1b4
SHA2564b90aca5d29b9f1568580bee2b4e9cabd6be3aa2fdb829ef623cf53ab3af6f7a
SHA512d2bc498c988e38e5d61f837deaf242a60c0ece19e03b36c5fcc199b7bb0c38c2dc3460a773a71807499d827f75f96fa6c74d5758fe9fc5be15678ada199f07f9
-
Filesize
12KB
MD56b9813073e57060fd9ff0e11351e1929
SHA16d4b8fbd65e88ccfc6e3cdd6f8ecfff7b86b75cd
SHA25640d624939672cb421e7cb54ac4ac6994568839aaa9a5f06637bf4a413baf3e74
SHA5129b02c0b199dadc59b230ddc28ab50d401861a0df739858202dc5c854aa695eb12783dfa09169900c08e5eac76866df2efd7d7b27d38f62c17021a523b9601a12
-
Filesize
12KB
MD52ce01f0b217a4e73469cdc1928a4176a
SHA1074981be9e8cda905c8210489cf5cde098c4c5de
SHA25660e7689b3491e87762c53c6775ed28b00f804803775450711bcfb7cfa87b433a
SHA5125786993a3ec67d000999a07184b1ed031458651814a40e885518303cabaef724bde49cf08512339d549d6e3647cae435a849cb43c4407018df9f26ccfa8b4411
-
Filesize
12KB
MD5af57dd31e53ba8b6c5eb5f36ca2d73ff
SHA1c6cca1626eb8486965939aa60db16bce76e34758
SHA25663a2b8a2b082914944801e6b4d4792fa498d9c77418d697d28d6955f139f720e
SHA512e3756aded194289a290a3e21c8a99804ca81ce3d6b5664075078278f10d3be27abf75005bb79adfefa1127dab4bbf86d50ef718e33869bd7eaf12afbb46d6edb
-
Filesize
12KB
MD56f5938898ea1efed953af27a906eabcb
SHA1f17e2bcf3bb1e89865426a8bff21ef056640f545
SHA2563ed9c62228e0f7c3617f10d44c1d0d80e9e6d891eb73dfbb7626915b43db6028
SHA512af8a2a934a4221b261f304d94bcf11c2e379a846e6527fb2e30d0667c0395b4f01e252b4c18f22288ff6773f3f0683765247adaf9c6ec2b2498d1efc674c48a0
-
Filesize
12KB
MD50707b42543afda99d4d99641051cb9ed
SHA1c33d2de6816c3d80dd4e3b77332192c61f979302
SHA25675a88517e902d3a50994c40144623f2a73a7f522a68297e9e36d9e9343466f4e
SHA512c50dfef9006b482f941374125caa40d68f7025db3840c880e158aceba488b90ff939bcd83fdda323c4f0a6653f1baa9906d263334e0837d609eee18c0741211e
-
Filesize
12KB
MD509d839899f73a7e10936644a966bde78
SHA116db4b0173001c320caabb011949feff6e23e09a
SHA256e8cf1fa930246ae002639183125e7dbc259209c7a7d35f9ca41eefd128bc64e0
SHA5129be17e76fb9f6e9262ffb977109a282cc29f4904c0aa49c907f99a99760c157d1818056a9f253d084a93d5c4c053631b943f19d17735380117495a167d2ec6d2
-
Filesize
12KB
MD512e729ee295e429b3db5cc4208159a2c
SHA1afcc85207beac7cdb5246424fdbcc9477b2da19d
SHA2560cb5be8cf584c7027363a6e8a6a8fccbeb75c2f0edadd2ca2b2398b121965507
SHA5122fffa369098465aa1495ee801606d3fd84d33ab81f08f3fcad4cac7e5ad44e53e4f11f2e35ff87c0a7ba6c29613259def9169648e9fa82f6ced87168267760a9
-
Filesize
12KB
MD56f4f14ede6a21a5f88cb79ba4d5b8dc8
SHA14a76ad7efb9bc7701673392e980646ac2ef8d10f
SHA25688e572ec94a88e0e1139d62be086807a64b41ac6259d99707f43c8a2a938b64a
SHA5124db375f7c1eb367d66cb803feed576668d339b5058ced0e3a01841511b1b7e5e6c81786b2e53b7e7412cbdbd62b7dce6b86441f62cbe18fcb0691e63c4c74eca
-
Filesize
12KB
MD5551198b726125a1e5b66836406c38f96
SHA18f517aa293c397406cc1c5dc5e63c4e322d7e225
SHA25670e3311582f599015c036b6a6954b935f155c38c5a9a9114d40aa782442e4c62
SHA5125bb458422f25b2105accfc6190232f69074b0078bdbf8641e8ec667ff932e8a08ef8c40f8646b2b5bc722b134cd173fc55fc83bde1762feed53b741e34ecc543
-
Filesize
12KB
MD50262a58394e354fb1648636b91d42567
SHA116456557809b78ebf707320cc74e372546b9026c
SHA2566e29c38126940e9165adb6558f218532e53efe2ff2f68cb39035324877179616
SHA512cde7ed6e257c8dafce9b7ef183af5e8022ec2c439ddbdd55e87626f32e551455cc7a2ef15f4d5aa9d645ddf48ef02f871e246332428b477e48a47f31d5c47d11
-
Filesize
12KB
MD5f97ee913b12529e98d02a6702afd3920
SHA16f11519eb38a2a68b40c6a7060975ba39291c585
SHA2568de00822a7d47c24009fb330c099f69ef477f0f4e7d6386f955064b381cd4850
SHA512f399bd7e4ea15bc21d8badd66d3e580c97b7e7f64087f509f4e41ed2988555125b3e8039bbe3cb230b00aac98a301293519272cbd90b6ed1aadb4cd434e41e68
-
Filesize
12KB
MD5668ea54a9337ffd4ce064518c2732522
SHA1868d0592c77b6f3da10d255176430a790d94e8e0
SHA256c7d77d1a3a69b1dce52e503398bc24ba5484882ebcbf249f05d101f0ecd1e121
SHA512903453e43a589c7b1f8d5f65644114a684eed062128631d58c8d258bcd5dbba583c952afcc77eb3e01433615f1011a90164a4b0d360602b476eb9074677b4c22
-
Filesize
12KB
MD5eda1e087826a1d6be37654fadee2df58
SHA1ce1cfdcb684a1ea702895c598fcedafc1ee67f49
SHA25618e4b8b8f46bccd472c32b8fc283280e0264592897e8cf37c99e8777ba29e057
SHA512dee4f3fe522db9e017f2c257678c08cd5b99024a9d705ec3103f83302fee3a0220cdb78cc413fd1fd0da44982039bf88f165c976d2922f1437302ed05b220af4
-
Filesize
12KB
MD596e316eb23b8e70fb8776965f75e189d
SHA175170817c55442ba44f8e3204466def8a8265739
SHA256a4b2c07b022945fa83bae71b9f356d4623920a83723598aae3192b6dd9e2254c
SHA5128c886b3c152f733b5150a339931d351fcb0dfc6f2d68b95dce7fd36f102acba8eff663998e4238b41e1c556c165252ad178d4081f7ded1b57e689df7b4374b67
-
Filesize
12KB
MD57520647aaec883f8fdb2f776b51dd1d0
SHA1ddc878a12cadf79622467aefd8eb1a7562846ca8
SHA256cab64615bb46555beaa5e69704ac43e0bb08aa27f662a6188546e77c0017c522
SHA512d34c02e5bb963bb842cacc5ad0086ebedb0237f46215c7bc875aa2969677f84e6cb5a1e94fbebd4480384b98d5f735bc23bd766fdffa9bd4080963b2b5cadd12
-
Filesize
12KB
MD5a9ba2d30a7bd657781912ab6765f9d8a
SHA11204f18faa999029f10a4795b6989ae5b745f028
SHA2561be7cfa6b1dac7b93b60bfb5f6c3bb76d385527f0b53d86f48176cf3b2231167
SHA51240a9646eda1a15726f490b143c663fcc9080cc54df51adb07d39da48798d8186c240008a03adfdf9c80b3fd82b5709f31f1e41f135ae97ff1b289a20473a8dca
-
Filesize
12KB
MD5fe2f8a29831f13d7076a7a8f5cdfd3b5
SHA15ab60fbdd5660e19ceddc893257507a669bdfdb3
SHA256df7452b5397791d190fd9893e98c3dd2b49c6c4ce40c6176d11c42b8233fcdd3
SHA51274476d09740b665a9d63c11c97ad5f975799a4c4ab373505647ab2f6801c8e41b72be80ffa9fccbc2f62823aba160738726a8052b2a7279769271fdca2003960
-
Filesize
12KB
MD5541ce62eeb08399b40d63dac27c0edf4
SHA1aeae3de6c7d3d1a2cc95fdcb67c92de0b3bc653b
SHA256867da4d2d82aa9ce52c5afbafbef09c5fbd287c3bcdafac89b79274858242847
SHA512c791ed68abce2e63ed1839e6c47d325d96fdc78de715e2de721e61096a23d57ba55ec51b0a0994b51a8925ea104262ef0c72bc3adb79e31271650e6d43ff1512
-
Filesize
12KB
MD502b834a276c0f32bfe3e50765898fad2
SHA10c76ad1e45aec4ccfba560c8163d4f12d8b33ae0
SHA25671926b5ea30a8828a04ff38c6f59127941f0f6c480e86b15bdba3907268fc263
SHA5120a367e55357ce0c926c415dc3ba78f1ce444ed245f0b1f169220a787c31d4153029b335358e4a77e99d02a1bc4545d78be3fae03d33b6441695d5e0d6f253edc
-
Filesize
12KB
MD51190116c58bf1189f9de604c34c537e4
SHA1a2cbc533c23d961cadac06701c7c58dd18a5cf29
SHA25637de3ce9bdc8a860172a0e9acd537b46836b5e1fb8d7fb916963bc31dc8b803a
SHA512b56aafb236bde5f63689a748db74b1fcf98a6c96c82250e767d98e0d1b6c8827b32807fa3a482b2bd6a6827ff1502fb0a12af3ed8be4279bb10d43956bf1c3cb
-
Filesize
12KB
MD5079ab9d597e4b8db2b7cc7e867758eb2
SHA185f47731b9247b0f0745a59917b8b362dcda5d47
SHA256c7c158347bc433169a3edb1ed2bd0c919594effbbfff1e67c1d2263bdc93eed8
SHA512335e20a3ec2aff982ca9547d6285f6f90a91966546ad6843984e780f4b995c93d7de1f0e2504cf96644c5cea7447656b57acbf0d3aaadadb5b4ee49872176b7c
-
Filesize
12KB
MD5ad4b4f42e888daf35454c339d7afe734
SHA179be64e20bcd4956b06db100f899d8f3157de1c8
SHA256022c55e32739c971182ff82a7c314bc10b91150f49314ad11b79e2be8d70b3ba
SHA5126ba15269a8b5e103581978ed4b4ce2510c6490830972b77bcdcc772ec278a6c259ec3d38770de159249fd3d32fcef2bd218801d938432a5766aa5afffcd27d2e
-
Filesize
12KB
MD5f40363455769b806a3ed73f792bbe260
SHA10b94284081bf307b5a23f6b7c07a3cfb1fc538a8
SHA25691193c3f881d88b8b224942e95d6db70ad9061617a74f6430214a45cd66351e9
SHA51223761d8537ad8fdfd6ad6816289bbd0056775d5c45be3cdb3048afdbe79997dee4bf2d6a0947037ed04bfa94956340699294180d0c9740377fef995923d48ce4
-
Filesize
12KB
MD56eb749f9679c854f1d5a4331273e65bc
SHA10ec9a938a0f22dc12540d44a94d47484f854e69a
SHA256bc74b39416da00a26cdf947c01cad561d7cd7f528347fc044c9017a5f43fbc32
SHA5122c92d02428545ea6f1cc4f3d8b119f615981aecb31b134a25e75903b338d8fe294e1d0f94460cffc4ecdffb5b9afcd53af5fdc1af75d6fd1c11ba663b31f807e
-
Filesize
12KB
MD5388b9a2334f2fe54e1d108eb5514590b
SHA1e1dca8c0903a273e2dd85873eb5c3dd919e370a9
SHA256747e0258ea778e7867721c52fe9ab2eefff91759da32ec5e4aa6a021a2b9c20a
SHA5129d079dee949d79dd0d22b2362a2c7d5002f9d697fe921c758bbbbd32467552891f9993b87efbcd354df827ffc9cef8652b7e9a38e315dfd37ab80161f15bfdae
-
Filesize
12KB
MD5a7a5431a5b5c0a9d07da86869ff2b9c4
SHA1349b2ee76ab989a9575ad9526758e776f4ee7e08
SHA2561d2b9d1165c18b8b676b7a1ee0434ce4e4df4240a44c7448490b0d4c3ce8e3ce
SHA5124da18dc0ffdc4d4b910285f9957a37fb19183bcc73abe66178b39dc13c034b0c6664933cbcc17aa5b2c2aa9058a7622826b15169b41c8b9ed84f57fa452f7f24
-
Filesize
12KB
MD58ee425f5785ba9c7d43c5e2b6e6376ea
SHA1a9154d44889bf74ada48b0122e49e9273287944a
SHA25601edb8849e1aed22b6c18db8a4057eaa8ca2ef5d0dc1a07c1769223318efdecf
SHA512dd4fd387ca88af76c71be1487952e3c57b2aa7433bacd8f1f3b8a73640c63f719292e9cdd579728e8c21a4a0e12af6e3919c159387dc849512947d16e5b6708a
-
Filesize
12KB
MD535b3744c1bebf553cc037b25773b0fc6
SHA1e66880060dc2fec6fa9daf06840ae2d8b330a6de
SHA25607509af0c6da0cf870b29bd06f878b6635ffc1ab656c4dc0b772bf27cf79d23b
SHA512f80163dbd0116abe477b6a3cb0bc7b92fff0fcc0d30c950fd8730c4359c0451afa1b34bd1273cfc091c5b001929bdeebacb949669fd9285df727f0b166deba76
-
Filesize
12KB
MD5b3f5ab9dff0069a8cc6a583a28d4ec0f
SHA1a3c67d627d1e99f4556bb601da62d412ca0a7221
SHA25692dd0ad2b52e85106d2ddd4672f614e9466fb8a66592a290123ead1e6186de96
SHA512abede283e14f35a4f659f5d3c9bdda9ed12c18eba3479bd553822a2694fdc73d0063426c8510533507bd5c60e0030e432f0c1ff93c0307f085fb9d3cc051ce2a
-
Filesize
12KB
MD548cab53dd14a97caf70f5eb905dee0dc
SHA1366f37da08a5a9694b34e251733e7e85673267b8
SHA256f0b91cbb5a08e009a4bca52849e1c8409b3671601ad01c1dae4a816a6111cffa
SHA512fa1594025e0750762d4adec7eafb11beb6d32469af161c17108100041f383737dfcba446c42e1f86a583263391f72dc637065fb437424d6f7753df4733d754cd
-
Filesize
119B
MD5f47298efbd3da58c579bee4a37a85411
SHA18a73b0aa7568170ec895fc60cb50788cf6332f10
SHA256f533385bd2d50355d9b2b83b81fb12ac534058675d9793d45735920e9d8fd975
SHA512b7329ba6ca54109e3bc6afc7455fe808e4b9c52522051dd7b4c521276c859a8e702b507de23d4420ce0b9d1e726755ead840b195be4f8a3b0aa70f56abd097c0
-
Filesize
6KB
MD53408487b371d99d352f929d68b280d35
SHA1ab8ec8d5adaa7bb2e060daf9b446c842d0305d11
SHA256afd47f1fdd335e83a28b433ecdb7e6f826072980625596087292464d46f7267c
SHA51291b7abca268e21da50ec5ca9f4aec2076863eb3f318b8fb07d7fe2a010fe876d541111560e754e015ce546a4a98309d64165f5cb5ea6746aa97be7acf1cf2df6
-
Filesize
163B
MD5bedbf7d7d69748886e9b48f45c75fbbe
SHA1aa0789d89bfbd44ca1bffe83851af95b6afb012c
SHA256b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61
SHA5127dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZYT37G6S\version-8950870ea20941f9-rbxPkgManifest[1].txt
Filesize1KB
MD565403352c25601afb3dfe6e6c6da6b1d
SHA1d5a579bb91f1d8ea55b0681df83a72fb783bf1db
SHA256819a02c39d3c07e4dfa43830bfd2be2deab7a1846e0f2651c954b633e8a173e4
SHA51290113893bdf21e2705fe9ea640270cd181704ffc24eeffcd7d8dfc099418665251726c88bfe0f4434d593752ad76e1b069d4759a0147397a26ec2d5f55c10c71
-
Filesize
5.6MB
MD5f3b8e82c20c4bb3f94a2d7bcd2a82cd1
SHA189618596be7cb90317eaaf2d09b05d522d008260
SHA2567de6a5a45227b0f21ac7dd50af250e37f20b8bf2d6f4aa53a7f643d77515bd07
SHA51282f15e37366efd29879add4f50cedbdc27d4eb885e190dd54c8e89787b51d59ccc21473f431292da679c7e8aa7cf2d0ce7219e1503d59a0f356e078f9feece55
-
Filesize
40B
MD59417b96552624becd79d2cba0cd26d8b
SHA1a9289973dfdf26f8de148af9ddfd0bd8807b3927
SHA25615ddcf0cd03d731a5b9ae3564bcdae323e127a2d543e21d2dbf02e130e81a9b9
SHA5129edfc497ff200485226d996c31bc38f7804466be8979c0e9f0e35b0e4f255f8733f1fa4095c85e3cc85c159ba89949e84e79579567a442389d04b996eab60c70
-
Filesize
1KB
MD52d9255fbe537e29e6d874b91d90cdbb1
SHA1b72b30ffb0f5b92d52c8b8d461db2a1c1ac57664
SHA256ebc6390b2131b24a0a4cd7c43d512987406de636b13d00bf24f60c820ad82780
SHA512e608bdb052d6125c3c3949c613a98e512a44c662c53488e07a1b99609dcf9a5978b85592d4947dbf317682b9f1b41e663cc17eeb333db48eac5c5637033a49b7
-
Filesize
8KB
MD569977a5d1c648976d47b69ea3aa8fcaa
SHA14630cc15000c0d3149350b9ecda6cfc8f402938a
SHA25661ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd