hxxps://github[.]com/calebrwalk5/virus-samples

Analysis

max time kernel
197s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/calebrwalk5/virus-samples

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5284	bitcoin_miner.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
68	raw.githubusercontent.com
69	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Gathers network information 2 TTPs 64 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
18396	Process not Found
16408	NETSTAT.EXE
21260	Process not Found
12984	NETSTAT.EXE
15204	NETSTAT.EXE
16812	NETSTAT.EXE
21636	Process not Found
22428	Process not Found
14840	NETSTAT.EXE
15072	NETSTAT.EXE
20372	Process not Found
24444	Process not Found
12672	NETSTAT.EXE
8000	NETSTAT.EXE
4848	NETSTAT.EXE
21168	Process not Found
27544	Process not Found
21192	Process not Found
21848	Process not Found
20716	Process not Found
11376	NETSTAT.EXE
19360	NETSTAT.EXE
19824	NETSTAT.EXE
22384	Process not Found
22920	Process not Found
27200	Process not Found
3420	NETSTAT.EXE
6924	NETSTAT.EXE
24296	Process not Found
22716	Process not Found
11948	Process not Found
26480	Process not Found
6520	NETSTAT.EXE
4320	Process not Found
4488	Process not Found
21268	Process not Found
9384	NETSTAT.EXE
20020	Process not Found
7408	NETSTAT.EXE
16100	NETSTAT.EXE
18624	NETSTAT.EXE
18988	Process not Found
17356	Process not Found
22200	Process not Found
15352	NETSTAT.EXE
22024	Process not Found
14832	Process not Found
21944	Process not Found
14288	NETSTAT.EXE
3328	NETSTAT.EXE
13052	NETSTAT.EXE
13296	NETSTAT.EXE
23028	Process not Found
24168	Process not Found
15484	NETSTAT.EXE
13960	NETSTAT.EXE
19084	Process not Found
23112	Process not Found
6568	NETSTAT.EXE
11372	NETSTAT.EXE
16200	NETSTAT.EXE
16800	NETSTAT.EXE
16628	NETSTAT.EXE
17604	NETSTAT.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 242246.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
4784	msedge.exe
4784	msedge.exe
2388	identity_helper.exe
2388	identity_helper.exe
3716	msedge.exe
3716	msedge.exe
17424	msedge.exe
17424	msedge.exe
17424	msedge.exe
17424	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5748	NETSTAT.EXE
Token: SeDebugPrivilege	4820	NETSTAT.EXE
Token: SeDebugPrivilege	5160	NETSTAT.EXE
Token: SeDebugPrivilege	6328	NETSTAT.EXE
Token: SeDebugPrivilege	6812	NETSTAT.EXE
Token: SeDebugPrivilege	6568	NETSTAT.EXE
Token: SeDebugPrivilege	544	NETSTAT.EXE
Token: SeDebugPrivilege	7560	NETSTAT.EXE
Token: SeDebugPrivilege	8000	NETSTAT.EXE
Token: SeDebugPrivilege	7748	NETSTAT.EXE
Token: SeDebugPrivilege	8424	NETSTAT.EXE
Token: SeDebugPrivilege	8944	NETSTAT.EXE
Token: SeDebugPrivilege	4848	NETSTAT.EXE
Token: SeDebugPrivilege	9320	NETSTAT.EXE
Token: SeDebugPrivilege	9876	NETSTAT.EXE
Token: SeDebugPrivilege	9384	NETSTAT.EXE
Token: SeDebugPrivilege	3688	NETSTAT.EXE
Token: SeDebugPrivilege	10588	NETSTAT.EXE
Token: SeDebugPrivilege	11044	NETSTAT.EXE
Token: SeDebugPrivilege	11108	NETSTAT.EXE
Token: SeDebugPrivilege	11372	NETSTAT.EXE
Token: SeDebugPrivilege	11864	NETSTAT.EXE
Token: SeDebugPrivilege	10604	NETSTAT.EXE
Token: SeDebugPrivilege	12156	NETSTAT.EXE
Token: SeDebugPrivilege	12344	NETSTAT.EXE
Token: SeDebugPrivilege	12672	NETSTAT.EXE
Token: SeDebugPrivilege	12984	NETSTAT.EXE
Token: SeDebugPrivilege	12340	NETSTAT.EXE
Token: SeDebugPrivilege	12860	NETSTAT.EXE
Token: SeDebugPrivilege	6888	NETSTAT.EXE
Token: SeDebugPrivilege	12920	NETSTAT.EXE
Token: SeDebugPrivilege	12792	NETSTAT.EXE
Token: SeDebugPrivilege	6520	NETSTAT.EXE
Token: SeDebugPrivilege	3420	NETSTAT.EXE
Token: SeDebugPrivilege	13592	NETSTAT.EXE
Token: SeDebugPrivilege	13928	NETSTAT.EXE
Token: SeDebugPrivilege	14256	NETSTAT.EXE
Token: SeDebugPrivilege	13580	NETSTAT.EXE
Token: SeDebugPrivilege	13832	NETSTAT.EXE
Token: SeDebugPrivilege	4188	NETSTAT.EXE
Token: SeDebugPrivilege	8844	NETSTAT.EXE
Token: SeDebugPrivilege	14196	NETSTAT.EXE
Token: SeDebugPrivilege	9400	NETSTAT.EXE
Token: SeDebugPrivilege	9900	NETSTAT.EXE
Token: SeDebugPrivilege	14248	NETSTAT.EXE
Token: SeDebugPrivilege	7408	NETSTAT.EXE
Token: SeDebugPrivilege	5988	NETSTAT.EXE
Token: SeDebugPrivilege	11376	NETSTAT.EXE
Token: SeDebugPrivilege	14544	NETSTAT.EXE
Token: SeDebugPrivilege	14840	NETSTAT.EXE
Token: SeDebugPrivilege	15140	NETSTAT.EXE
Token: SeDebugPrivilege	11492	NETSTAT.EXE
Token: SeDebugPrivilege	14704	NETSTAT.EXE
Token: SeDebugPrivilege	15072	NETSTAT.EXE
Token: SeDebugPrivilege	14448	NETSTAT.EXE
Token: SeDebugPrivilege	14748	NETSTAT.EXE
Token: SeDebugPrivilege	12420	NETSTAT.EXE
Token: SeDebugPrivilege	12688	NETSTAT.EXE
Token: SeDebugPrivilege	12972	NETSTAT.EXE
Token: SeDebugPrivilege	15352	NETSTAT.EXE
Token: SeDebugPrivilege	8740	NETSTAT.EXE
Token: SeDebugPrivilege	13656	NETSTAT.EXE
Token: SeDebugPrivilege	9712	NETSTAT.EXE
Token: SeDebugPrivilege	14288	NETSTAT.EXE

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 2588	4784	msedge.exe	86
PID 4784 wrote to memory of 2588	4784	msedge.exe	86
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 2296	4784	msedge.exe	87
PID 4784 wrote to memory of 1728	4784	msedge.exe	88
PID 4784 wrote to memory of 1728	4784	msedge.exe	88
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89
PID 4784 wrote to memory of 1900	4784	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/calebrwalk5/virus-samples
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:6592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:7044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:7376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:7632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:7800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
  2⤵
  PID:8100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:7296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1
  2⤵
  PID:8232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9816 /prefetch:1
  2⤵
  PID:8480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9936 /prefetch:1
  2⤵
  PID:8640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1
  2⤵
  PID:8980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10336 /prefetch:1
  2⤵
  PID:9156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:1
  2⤵
  PID:8860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:1
  2⤵
  PID:8940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1
  2⤵
  PID:9392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10036 /prefetch:1
  2⤵
  PID:9660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:1
  2⤵
  PID:9924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11436 /prefetch:1
  2⤵
  PID:10116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11260 /prefetch:1
  2⤵
  PID:9632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11548 /prefetch:1
  2⤵
  PID:10100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11564 /prefetch:1
  2⤵
  PID:9896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12068 /prefetch:1
  2⤵
  PID:10348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12176 /prefetch:1
  2⤵
  PID:10624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12548 /prefetch:1
  2⤵
  PID:10860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12680 /prefetch:1
  2⤵
  PID:11152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11864 /prefetch:1
  2⤵
  PID:10308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13056 /prefetch:1
  2⤵
  PID:11148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:10420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13288 /prefetch:1
  2⤵
  PID:11396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13168 /prefetch:1
  2⤵
  PID:11680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13532 /prefetch:1
  2⤵
  PID:11904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13040 /prefetch:1
  2⤵
  PID:12140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2698968047684011060,10043305688718367439,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=15292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:17424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4332

C:\Users\Admin\Downloads\bitcoin_miner.exe
"C:\Users\Admin\Downloads\bitcoin_miner.exe"
1⤵
- Executes dropped EXE
PID:5284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:4768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:5652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5696
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:5808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:5844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xbc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:2784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5108
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:1184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:2996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:2348
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:1908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:5808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6276
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:6364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:6552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6796
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:6872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:6988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6256
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:6568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:6640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:7020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xbc,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5232
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:6892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:7268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:7296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:7484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:7508
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:7560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:7576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:7712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:7744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:7956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:7972
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:8000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:8068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:7272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:7836
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:7748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:8132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:3992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:7316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:8344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:8372
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:8472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:8556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:8868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:8892
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:9072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:9092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:8524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:8472
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:8848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:7872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:9272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:9296
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:9320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:9528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:9588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:9804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:9836
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:9876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:10024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:10052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:8536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:8528
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:9384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:9888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:9896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:9840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5000
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:10268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:10292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:10504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:10540
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:10588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:10632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:10776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:10804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11008
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:11044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:9916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:10340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:10884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:10880
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:11108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:10276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:9480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11328
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:11372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:11592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:11612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11816
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:11864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:12056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12256
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:10604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:11652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:11616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:10876
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:11700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:10876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12296
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:12392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:12448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12616
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:12672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:12704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:12780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12968
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:12984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:13116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11364
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:12364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:12548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5752
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:12980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:3100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:1800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:1832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6044
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:1408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6412
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:4356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:4720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:3608
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:12756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:2512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:3608
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:6520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:7560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:1144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:6852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6856
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:3420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:13396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:13572
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:13592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:13712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:13908
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:13928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14216
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:14256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:14296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:13492
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:13580
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:13572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:1816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:13648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:3160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:13852
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:13832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:8460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:13008
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:6548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:8996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:4476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:8748
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:6976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:9460
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:14196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:14028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:9956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:4848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6504
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:9400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:8948
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:9900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:9456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:9624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:10608
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:14248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:7780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:7740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:10596
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:7408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:8836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:1068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:9100
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:5244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:2196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:11448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5580
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:11376
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:8836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14528
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:14544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:14568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14792
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:14840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:14856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15120
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:15140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14424
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:11492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:14372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:8544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:4816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14764
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:14704
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:14792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:1136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:5680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:5060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15036
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:15072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:12408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:6460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:4048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15316
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:14448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:12696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:1916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12984
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:14748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:14768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:5468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:1884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15232
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12680
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12688
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:12696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:4008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:6908
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:12972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:10340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5208
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:15352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:13052
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:11924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:7392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:13620
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:13656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:8268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:7188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:9060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11724
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:9712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:12932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:7436
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    - Suspicious use of AdjustPrivilegeToken
    PID:14288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:7960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:9244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:1508
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:3328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:8512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:10644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:10244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15452
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:15484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15780
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:15828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16088
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:16112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:16300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15376
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:5996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:5456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12528
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:1500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:7192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:9908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16148
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:16200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:7896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:6640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15400
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:13960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:2064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:2068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15720
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:6924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:11256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:5356
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:14936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:13716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:10924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14100
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:9048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:7672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:3408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11376
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:3212
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:13716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16048
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:14844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:11408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:11744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14840
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:10028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:8128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:4016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:11532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:9040
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:15204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:11940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:3016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:7328
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:16408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:16548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16684
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:16724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:16864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:17000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:17056
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:17072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:17096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:17228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:17308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:17360
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:17384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:16532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16628
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:16800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:9488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:17148
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:17180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:17136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:17312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:1000
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:11480
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:16548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:16984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:1136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:12972
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:15036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:12792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:1472
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:9584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:14428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:8908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:3692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:9984
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:16628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:14716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:13660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:17124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11852
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:9712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:1672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:12440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:7052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11824
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:13044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:13660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:17424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:17532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:17556
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:17604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:17632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:17736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:17832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:17884
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:17904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:17956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:18044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:18068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:18172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:18196
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:18244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:18280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:18352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:18376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:6416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:9984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:17516
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:17600
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:17556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17632
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:17716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:17888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:17980
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:15828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:12812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:18232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:16160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:18308
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:18424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:18380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:3420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:1500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:11192
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:13052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:18156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:2300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:18304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:17464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:18376
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:15832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:15884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:18272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:15564
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:18376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:17616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:3420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:17516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16300
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:15532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:10260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:15908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x98,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:1504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:1584
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:16100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:7748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:6880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:15836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:15364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:14928
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:13296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:11968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:18500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:18524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:18632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:18664
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:18704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:18720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:18808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:18832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:19004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:19032
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:19080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:19096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:19216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:19236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:19348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:19364
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:19392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:19436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:11968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:18668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:18636
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:18752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:18912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:18848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:19092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:19324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:19328
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:19360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:19432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:13688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:16812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:18768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:18956
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:14440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:19164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:5236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:19288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:19076
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:16812
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:18956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:18696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:16476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:14464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:10092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:5236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:18832
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:19236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:9976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:16828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:18616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:14804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:4236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16800
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:18624
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:16760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:15728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:8516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:3312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:13384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:16552
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:9972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:1756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:19496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:19516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:19628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:19656
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:19704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:19752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:19816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:19868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:19956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:20008
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:20032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:20084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:20156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:20172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:20180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:20296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:20316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:20324
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:20372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:20404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:17292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:14524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:11532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:13052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:12940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:2184
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    - Gathers network information
    PID:19824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
    3⤵
    PID:19952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:19964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
  2⤵
  PID:19872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/764177660027994122/806345342676369436/nikocado_avocado.jpg
    3⤵
    PID:20108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
      4⤵
      PID:20092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:/Windows/System32/NETSTAT.exe
  2⤵
  PID:20084
- - C:\Windows\System32\NETSTAT.EXE
    C:/Windows/System32/NETSTAT.exe
    3⤵
    PID:20164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://static1.e621.net/data/sample/49/d7/49d70f00eb41040d8e1b896fd65edaef.jpg
  2⤵
  PID:16628

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:6520

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:6412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:4720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
141KB

MD5
0087a58e7458244822d0bb20087b1a92

SHA1
64b8499715f9c5a4f1c1c36e8b79ab53c292842c

SHA256
9704f87e92312339fe940347467cf3646df217a5d854ec54a1fb3f4247a66bbd

SHA512
90497cd0507267bb168820a1a601ca95d8fc28c8f6beb8128645a6456019dc64b3db1b381689ffaaffc7a5e66ecff8459f93820be55e371d69f0f1810dcf20db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6f8e00ec325f7be6f61d5d58e476514e

SHA1
886e6aaeb3137d3b989c3957250a84c92811ba91

SHA256
73c9a776002874145ad0957c18a7be96685ac7cfda162f01ba8def770725e358

SHA512
628bd7c2ad4259f97f5ddf7f1435f658733e7d84e401076160bc93df1ea2bc4d0efa5096975f2082e36fa03730da246143cb824a3221ea9a9f8578c9d68e3626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1018B

MD5
da40b00bfd0e5c1d97c4f7172d3bdc34

SHA1
f8e4b0d20ea68c6a7ffd480238ad2937826ff747

SHA256
150f9630cc71a1b1cb3216c1a99fb5cd7f5f6826155f3055d328949797d7bde9

SHA512
89d190b975c1478ff14144e9afc8d9491685ddaf88a5c61cbf25653c86d858c1d1980e9d7cfe7c999dcecdbc03971c05d1e76c7e7ede74c71f5c34ce4b92688d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1018B

MD5
2c2565cf56be07bdbd28af3c6988d4bd

SHA1
64fb7a2ee7bca2fbeea012cb5decfce483daac9d

SHA256
72e1d9284d02d4712beb0090c59c195552abc9cc1e27d8a410e74dc7590f1fa3

SHA512
b44f38c9e7333a3bc5a4d43aedbadc75ab13226cdacf32ca58a95351b870ce687b7e33bca38a046da77b3fb6e5dfb7e088c21539c4c39691e7e566be426f5559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
987B

MD5
ba8ac06d6448e8e0317f07fc81b69b44

SHA1
26d0b0571322dd64c614140b1936e53249d2918a

SHA256
1d64aa7febc3dfef02f5e0bd7142a37c4446bdc85da67ec49026c4b7d13950ed

SHA512
0014c257c8182d9907276fb09015d52a8247c38628321776fa9e17c798352c330417761c7b7efac7ae3ac535c0ce420d8da27507850a7da97e7cc93a3333eee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e633e0f4e05749f0346e268b3a79ac91

SHA1
f61fc37dc53582aa2edfce34120bea01039987b9

SHA256
26fa5ecdba87ad06d8aa6371b6efce9a54c9bbf382ba3c0b8c9efadf2fdea5d2

SHA512
8353f1563c02925ede5641a22d27c9a133f1a92462bddd8a61cf0bb34b228c5eea8f87382de44405d453cc5d0ded06a860a9e7e272cc8bcb353ddb9b63c11a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5de84625738538e0dc08e89a84795936

SHA1
41f9c466dc440fdecb2ee222cb19f7da464de21c

SHA256
80f0e95adcad52069865e3f27d7421d10341a7038b34ba23194faba6717679e2

SHA512
2541183af1761514aba8373637b3ac99861a136fa7dc04deb832a9bfdec7cecf3b2e47f7442b70f1b6074799eeb4bf60936b6640c23e2aebf6603c934088314f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67f795b479b359e3ec3c34c471b4eaa8

SHA1
1544f4bfffdc641b86116d6016566458d993ff22

SHA256
e309e9ae28392efe9943f60aa12fae06da7d2b5d0405152a5cfa9cd13742abb6

SHA512
5c20f5e5a2d2870b7d9f5bb7a836d89c3ca9261b1e4b46a15597909e0c9e0d6317e92b43298cde610204c2953d5d0cf4b3566bb7aafad4c79c9e158c7016275e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
863a4c0af66e5a852c584cdc3de10f91

SHA1
ef59fabb122951e43109da058b3c34658be41dde

SHA256
8d88febaef7bc1c51d9539ac4ea91ff3c13d88df78a021a0070f02eff59e1db3

SHA512
542ead6a0e4f22d424570268df656af1594476359b6d8bcbca8c99dab90434882cb1bf92c504319271b278500b0c51a04933696596609a54e8ebf1f412ba41eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b54c040bf44fba9e210fd49d1c809b00

SHA1
236a057c378dbafd4fe7e9d8a22774c415af3db3

SHA256
5a36c01996a4ef37f4b6b47e2542b4a1b30c8e4755e19df7d18105c9c845caab

SHA512
59f45b715b6f8798a18f84c0dc7528547bed761ec2eddcc1cdfb663b5bbe61e9a462dc3ca7b40ed2a4da4478548599c386fc22467bead13525b7a206a8181735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ecc860d194e144f581934c528bf5097

SHA1
5ec334dd152fb7ed42a4dd199460e54d7ae7cb97

SHA256
aee1e8556f81ccc31418e6b25ac6cdd64e5f778fcafe1419f3e0451a8d21d925

SHA512
e766d7735f67646411c3ad6e7592e5e5221ebce625e8af416cbe57a1092cbf7b115fbd839f4edfc4cf9086b2d72896fb03174093dbb5c4b5155ffabd7b7b1dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e734c5145ac432f96bff005e0be25f96

SHA1
213a0d858994b16ee1cbff6c4753e0f5b3219840

SHA256
7d25b9c8b64cd39ffdfb9bf7f36e759e77dd12262cc6dbcea5280fd286d4c71c

SHA512
de2a9cfdb7605303faf32625a39a201963037e905d1a8b7a473334a9f8eb9314ec8570f689303a83df6d80e6c92098085383e24a89a9bbfa20982d4b121989ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61c7d9d63a990265053e4887af3aea70

SHA1
ffbbfe32e0d79b68d31c2e282774bdf5f57189ce

SHA256
f4c24fae923db27db30a669316e1c02bbeb6d53a76f21420122cb89cfd70dfea

SHA512
ddd8e3f1e3cd5f6fce30918c2d314f005bf4e81d6c5e52800211fd90a1e1a184c3c2560127972612c892b18f46ad8a37d78b4e19468af56446df423ff54913a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2708094849af86e267c20b79b74c3e5d

SHA1
e97c0e4d675c9e9ec48c804e1de7148af9b710fd

SHA256
3c4d0acffaaa72cfb49f98a05a9885bc1aaf360523b1a0806837ebe6a90d2eb8

SHA512
0583c43b87f1d65c573bda8c5f5549a98e3a85fb777d6ef6961b2a76f6297001b537f46dda3f824992b466ae8524766901c7fd9be3880085874ed20a111e4f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6476b9b4130536e6473882a8f3cca29

SHA1
a9ed1632f03d67c81fcc91f521165bfd5ea8640f

SHA256
f1df5a16f59ea5ab139fc51a21530c9313f029f73b86f3e248bd94e60b22144c

SHA512
d84f4fd2b62acf03172de9db3867d9db987c5ffb5159d932080654f9a4852ece202f7665bb4f67d753869411c0f2fa71d361862ccb3a7dc9ca2ff6a3b8c0f1c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d90f988a1b585fdc2ae73de15d6c9eee

SHA1
1ad4a1e779e8e77aab322491e5b629aec1db7f00

SHA256
33b7cce1326d5b513bee2b96438149a3f0f4c32eda5bbe45f83112515baab4b2

SHA512
6f419559d7023a7218f4193cc5c295eab2c1f5e1195e8e1dfbd5ad6b4924062b7eb313427bdf956a614aefdf9a27f25ee0a91ac88cab46b3fe186aacc378350b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4e42d911c1a35d2e7f69ba10f0680ea2

SHA1
b460c6a53b99ef66d53a2a2595c13f1f859e1461

SHA256
10d9eaf1d2e7474bb07010a4c2d26749d94c75f25bd1f6968a79437d676b69eb

SHA512
ad9783a2d0732cc6b30d79e7379779f209ab70fd62a36ecb357cd00255a661f791a5740a3bd9478415e776c96063b2c0eaa22f684b0588cf192aadbe7f2b917d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9242dda81212f79435ef11cd1b6196ae

SHA1
49fca674ce5cb841994cffb6f2c7140e15604bde

SHA256
1bcfbb31ebf30c915bf95cedf5aaa0dbfc9b7e5f625be2d8860c571e1bd091c6

SHA512
5a37d6d38383b6cea2ce98e7beb91a2b623b3684ae34031ccb7a6a82d675d9bae547dd068aab4d4adadb241accb3dba90997f97b380bc17e736c109f6e1ec674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79f103a0f9a1599bbac07f5b29215f49

SHA1
7acd9beda9a02da9f45e114b18cfa5cc8de6ad29

SHA256
1079d653c96ca438fec35787d0f6537ff806115350b1662ceb1ef5a1a5055692

SHA512
d703d51838ceb0d5497e7b1954678709984839b5efdf8d933190b877ae88813ead32c7dd3b6ea6342bd350527cdea09275ffc36e41bac51e57710e55ac06763c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
baedc04ce1870132165a2fbf53a3325b

SHA1
818905d76ef6aba759689cd11186d7ea217b00b8

SHA256
709bc103a0d8500243466cd9d4cc51bebb9a5c22f53106a88dc5555978b4014f

SHA512
54882a3ebe9fc3053de58681dd4802a877574f90092b0c527db614e436f9e36cbed85d2a32f3db82ec287a9dde0ab2672018fae13dfc1abf8fa0a70ef3e928a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e62261337d47ad3f97e556028a834029

SHA1
b66b4995470799ed7ed432a7ad13af5a1a392f65

SHA256
e55c2968910a579d2c1eaa1d91a71e66ff081022f7755c3cec979cbcb8920c92

SHA512
b7143ef494e0247f7e682a55548b18b10a7e06839d13b9b3ad5e1f3126f84650840d75d362a4ccf9c86c7767dfca564869117625bc1f2b990c8754e3e80643cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d347175633cbc0b2a52d4884f598fec

SHA1
76e4ab49623ecd91d12fc1ffa58058f431f53635

SHA256
f9c2826a1020c024863844595934ba1e371ab3d83c1b4bc7f8f543d13a283353

SHA512
fbe25f06f5ff93c7dac8dca7b4e75f3dd1f15974bce3035acfed10791029085984b2a288da09306244b2a0914dffc3450b90e000021a7a9ad44e526fb7e3e0be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c5a4319b4457532c60f242772f957d24

SHA1
1fff8058466a34661ae0df6f40e91c2f696e77fa

SHA256
6aa185ee7cb7d7d3bdb3d0056fea4c6b7964a9c72ea8642be870c5d49d332c7e

SHA512
9a3ab5a3271ebe59447bacd12e32f850473ebe52dc4a004a930e045f95b3326183406a86894b4b8bb255989199c41774255495daa36710b9f6644c9b6c830247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cda09e87320711887f8e807f539e2320

SHA1
1b095501ffba586e918b11128c266ce56dbff12a

SHA256
f0cf207ae7da9ccc5fb6d952a59c4bceaee8621f174994828f46d90cea21d8c4

SHA512
a8f6d0296ab99cf8e3acdf8aa8a683d6b99df7290d223844e57f2c73717ab8dbda70c83414165edb4883f9547fb1e6d8f8a94b46b50dd336056463e95562f4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c95f5c62f6f894f3ddbe6da2ddb056a5

SHA1
542f0610e562c1694b387a65c5ce55cba467a07e

SHA256
55fc238a52bdd2781d10490e46e35bd73af5933e82b1b66574a48f0191329678

SHA512
43b2752f4ba7df234914ab0445aef718300ef4731790e9840ec80c3da7aadea06413da60b098224cb2c394087571caef8f339f820b93c875e2e7a76052b5d8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
950acd48b0246f0a55bb237527488561

SHA1
e24273594adb462ba080105b983ec3f67490e1a5

SHA256
d669f631e0fe8a7e3ab976dadb9ed83a151229a8c8ceb080fb287f84ed3d99f9

SHA512
90a9bffbc63d02719ab296fe8044831bdf35e13c3e2882fe4069bf8395b5672706ebd3a52d9e47e03b7f78fef66037bf22361dbedee19253555b2f12fa8fab24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b969157679746bc7d979376a6de33099

SHA1
ab2ec825a3a00564019884e0b2ea3f23e189f27b

SHA256
155a048479f00c168c951b737e2b8a03e373838b98e961858a836379f6d70015

SHA512
0b1cfc7e30af93999148fe1b8ed5df60907209b38bf1e1cbf2d3ca7fb2a75d8e6cb42e4faab1f6bd1ca15e28f6f69bbb9544915a78f3ab2cccbebc300b633e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fb22198292986e09db5f1c8821463d22

SHA1
b5e18b87eca650530467564bb4d928958cfd50ba

SHA256
82caf7ad98b8195d46bfe7a0d8f20729ba09c376e59ca328bac6565fafb3c479

SHA512
d3f7b7934e5e67a35836c7e5818cf87116eb9b08cf2c93679690efc8a5b6b57009f70402d71fd6fbdda0e54c0913d482c2dc3e51eb43d7b9829731dea8da9ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a76fa6f1f137af03db235d1d11990c5

SHA1
8dbe623656cfe54365acd702afd983b6b82e939a

SHA256
3039eef631e09f7392ea7111a5df6913976fa21e490577d8d494d2061edd366a

SHA512
25fec801ef74c3e522a073b6066bb3d09a0b108d2273c67e13ea4b1836db62e41eff906019e7c49a1099d021d7af9e77bbfbcead9b3deb68c71f3d30f3bc76cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c767.TMP

Filesize
699B

MD5
1f764eb5192bb7988d1967436923b7ee

SHA1
3c2eddfe2f4c991700dc80189a58efbbe00438d3

SHA256
0dfd66b3306de6b09745870e090be8bee248b2024ac9a14f31a955c5d2493ff4

SHA512
6a49a234a5f3a0805f329fafc26bc9c6905adbe6cd5e7be445ece6ff3200eb2f4da8d70b3e5721e78e29a125de5d0fb03bf56ca6553e5028c7ea810e938290e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bdf0952950f57d3297f7d7ea081a519e

SHA1
a316cac8239c6d1d5855aa637659af35c2fbca03

SHA256
6715372844ed27ff0947dc7f10064ed064899eabc6089e20c32311cfed321bf8

SHA512
8491e4033dd9b329bd430ef55dcf297e22cd7239e84014d2176bab945601b0407ec1ae100c048e27c6c8480166939ab7fe8fb87171a7d629d215f0accc0c0ff0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 242246.crdownload

Filesize
128KB

MD5
e75711d1b486da4cfe445401d1a960bf

SHA1
722ee248b91a3bf91bde7310f7474b9ab562363b

SHA256
553279063a14fdfccae04aba97e47f749f8c1b4c30cbe72f542284cf4b59fb02

SHA512
c0e69e635143bc3e2c8fc391c447936ff96256b91350e66fa85e717e0c9c396153838e5fde1bbbf6c1e7fcc6a749528718cbc00944dd3a8a9bd6906a4b5275ee

Download Submit
memory/5284-393-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download