Malware Analysis Report

2024-09-23 11:37

Sample ID 240614-wl8swa1bqg
Target MEMZ.exe
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
Tags
bootkit persistence
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Threat Level: Shows suspicious behavior

The file MEMZ.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit persistence

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Runs regedit.exe

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Checks processor information in registry

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-14 18:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 18:01

Reported

2024-06-14 18:11

Platform

win11-20240419-en

Max time kernel

565s

Max time network

563s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

Signatures

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_scmvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_netdriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsactivitymonitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\miradisp.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_primitive.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rdcameradriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsreplication.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystem.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\digitalmediadevice.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_cashdrawer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsencryption.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscfsmetadataserver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsvirtualization.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsinfrastructure.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscompression.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsundelete.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsantivirus.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_camera.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fshsm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_computeaccelerator.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_proximity.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_barcodescanner.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_ucm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\dc1-controller.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rawsilo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsopenfilebackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystemrecovery.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontinuousbackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_extension.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\PerceptionSimulationSixDof.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_holographic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_nvmedisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\wsdprint.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_receiptprinter.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_sslaccel.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_mcx.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_apo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscopyprotection.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssecurityenhancer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_firmware.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\remoteposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontentscreener.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\ts_generic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_linedisplay.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_swcomponent.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\SysWOW64\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SysWOW64\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).top = "127" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "3" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MinPos1280x720x96(1).y = "4294967295" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).left = "939" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:PID = "0" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MaxPos1280x720x96(1).y = "4294967295" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "5" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\NodeSlot = "7" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Mode = "4" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).bottom = "721" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MinPos1280x720x96(1).x = "4294967295" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\SysWOW64\control.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" C:\Windows\explorer.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\Taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1776 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 1776 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
PID 2512 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2512 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2512 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\notepad.exe
PID 2512 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\Taskmgr.exe
PID 2512 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\Taskmgr.exe
PID 2512 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Windows\SysWOW64\Taskmgr.exe
PID 2512 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2512 wrote to memory of 3820 N/A C:\Users\Admin\AppData\Local\Temp\MEMZ.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3820 wrote to memory of 4676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe

"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Windows\SysWOW64\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12413783761144769915,1682789159435067369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\StepEnable.css

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,8545325249717746635,10109285500187445064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,11291427942078969457,12860965560577279453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Windows\SysWOW64\calc.exe

"C:\Windows\System32\calc.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5292 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xec,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\System32\mmc.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff21c83cb8,0x7fff21c83cc8,0x7fff21c83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2871556686034221656,9688801520187805179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1

Network

Country Destination Domain Proto
GB 184.28.176.106:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
GB 184.28.176.106:443 tcp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 answers.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp

Files

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

memory/4940-2-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-4-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-3-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-10-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-9-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-14-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-13-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-12-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-8-0x0000000005B40000-0x0000000005B41000-memory.dmp

memory/4940-11-0x0000000005B40000-0x0000000005B41000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d0f84c55517d34a91f12cccf1d3af583
SHA1 52bd01e6ab1037d31106f8bf6e2552617c201cea
SHA256 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA512 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

\??\pipe\LOCAL\crashpad_3820_JONDPTBVNSPKXHOW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ade01a8cdbbf61f66497f88012a684d1
SHA1 9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256 f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512 fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 43f055dd6227164c66405691f1730f5d
SHA1 7b8c7b10655d200367953018f0dd73972effe6c4
SHA256 c43fd47c60a38943c3491586ce1550b935ab3dcaed9f0db9169a126aad15840d
SHA512 41530a97046a77d6e7bbbfa6675d47c41411e701a35dc5837edc4a646664e2e80687f1817acc48ecd9e63e6e75c3d686ff20af67e8c0fca98dae0d8e90e3dbf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7debffbc55431b2a4316eef69d8043c
SHA1 b5537f63d2976c88f0c47edf53bee3b527181b0e
SHA256 622b74329ea137b8ea45bd7832ac473e5c24fa9422a1a0cf6da76ab032ed181f
SHA512 d92029d2a2dfb732db4ef6405af18f0d79913d7020949c2e7a4dd31586fd0572c36f66384bd2273591553f9a0082175bdbde86d908d2b9c013bc77053c2ae3f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362861779998578

MD5 149e2a21391276894e18e99f37c1273d
SHA1 e778ae5fcc82fa551d6bb96bc6c8e4d6f5cc1311
SHA256 4bfa14e8174975dbe2f83f42b29baf7b62b9273dac5112bf4e1ef5e8fad27707
SHA512 ca64ad040cb4f1bc36fffa7ee2300b4c65a9fa9d5d9579a395c0253ff295c35f36d6c402e9db1ee873cef1a9f7caf299363935d7ac72f2bc1ebf78b3e280c9bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 8d4a9ff47d5e2166249586c8fbe7df02
SHA1 3f5fb47c8b17569ddbf9b4d1e674256702b432d8
SHA256 dc880337334122dc4066bbe3650ee4214ea9669eccd519d45ffc71ac55a1e6fe
SHA512 92fa3f8afeee5eca66f0412824586953487bebda0e41ee77261a334b2e06c1bb9c49585f4a03e01bcfdf845f30735c6f892422d67c5f57945785d15a1d68667b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a66efaa590a0d16b1874a35836ba0a4b
SHA1 bb750c61e162420271f89a90f2b58f43587680e1
SHA256 b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654
SHA512 2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 1c20f2931ef820b7a032e9714bfc84e5
SHA1 00f9a8b5378bc69c2972116d70d66b4cd6a57859
SHA256 bdaeec120954d28dda791e229f3b8f33e080fb3f46fe8966911db7017df9785e
SHA512 3fc92054c9bdb993f1650c14302c414f34ff006df9dfa2a6d0e3a9e930ea28aaadc14d3efbe1fba218f83140adf738eebfc18d5e2d325ea7b5457153cbd2837b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 d1f604157b0745a40453afb93a6caa42
SHA1 3d5d77429b03674ebb0ba34d925ba1b09310df5e
SHA256 468456974fd86b33647942820dce7284879acfab9e9e6eca008e1fdcf9006fb5
SHA512 0644ce93724a57dedd8aec208e5a038e323a1b9871d5046d58a87c60479626693e6c8f25b7c7f7b60fd35aac133d2e660ecbd8f8d579ad1fc6703ae117a485a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 2c87897c3042f6daa6ece5812441b74d
SHA1 020eeeebf80a58206882beb9709d4ba860ae706f
SHA256 a6199d9d18341a26c9b3a42e42c7f1bbd062748822d91390b78884e050a21746
SHA512 4b425585a7f7f2a57cbb1ca3ea6ffbfba5dca4207bbb9097a43f03c91800456c9e4a3edadf7534868b87c544a32dc672ddbbbac1a5b7e281d076520b6cbfc2da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 da33f18d64f3deab95b4f6bc580c64df
SHA1 7214d133aa342afa21005fef4bf8d960b77be815
SHA256 35bdb5afccb1f0ec06472d4d172a8d6d73b7132ea9366fcdf74ce60da75173c3
SHA512 48cde2557c813af8c9288ab0616cc7873d18e15e2bdedea5007aaf814d2771f2f5ccb2a5eb6de2b5e395e1b6c6ea0fd34366a4fb5797c47628e3c46dd053acad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 5cc37d25428632f479b74b90d211eb2f
SHA1 16e380325d6b988c897d5221969c9129ec431208
SHA256 63c15a8c6d062d92e969e36104f4cb79f64065d33037ec43b79bfd0bf518503b
SHA512 8790d0baf1ea872516e34b68c8fa26578e7b944277825a6de3e92addd296fc076cf932906c16de2187452aa7ff3c473326a9b5daa81f4b1bf8aac62ec02970c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 17c46002645187e1be90dcb058122d2f
SHA1 6209aee487126afd9263506fbf9639887a86230d
SHA256 7eb91834768a5a5d27813e79931845c8d816b6da0ae9e8a1b8efc7cfbdec4859
SHA512 ba87fccd282696129939016a77b5c0c3004360f2802ee6866672d1f79613a79dc0b6eb4f819923f9f83cc87998132611f8f1bb9c06115396041dc9a2b9fd2b2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 5f38d96b6fe4e88793e9be4aa9d9b66e
SHA1 de479c4efaae72cb0dc5e5aee4028c224cc936c2
SHA256 077bc092eaaafa826abda857f1027d85ae8dad765ac77fd66975a7efac43180b
SHA512 064ca9397e9f525868d6ae8e76c0fcbafce41844afa0bfcdd3f1759603c0196538d16dadfca6c0b4bec88ac28ffe1c867a5024e22c666a79cac05d1eaa587cd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ca2ed81b874f610862c800b377ae71b9
SHA1 48e4641b23300488f30131c289e5a8c8e1bf53fa
SHA256 ec31efe9853df22a2a13822c82404ed97e3875933b785745e7c6f750c238e0fc
SHA512 67c525367864e621287540f2cdbd172cce1cbd4b2861e1809ddc8930a1e1481dd1052ca0b4f218031dbc1a1f13af04f649970744b606815364a9022322d4eeb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 9b2093954ea322857d67bd338919b5f5
SHA1 4d8535285b73e01740f8adea389066c44bcfe6e4
SHA256 303972bfaa656649bce0727b9cc7288cb3f118850f5c4d138eb921349a5501bf
SHA512 80bf2a8fd9f3063816eb0e18d6b4a27ebb750d6c3b2953efff1033eb17dde6429b91d9cdc8e2386512713004b75f0146800cfb5bf35b73eda70789a216be4d18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 85df3bbf251704c72f33d1b15a433773
SHA1 7a8d2e9cd46aa178e97f1ef57f33c03c39bb5376
SHA256 18397b219ca178a13bded7211cc0fb55bc7489f3b6f803ca98352364ed08a397
SHA512 42959e2817adcbb0b01fdeb96fff5eb7024980c5e691720f1b28636a044579ed259a5348566b23ef8d7a143dbb51bebf0af4f6daed346a926d4bc4ae2162d8b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 c7e05528e331fb4316e2a8ee3936bbba
SHA1 79faa4dd8ea1dbbfe231e373e555715eafe03ec1
SHA256 39ca65378780325b56481aeec06466b759bd1cba3dcf10c6988c5ca3a93bdee5
SHA512 d5ff6049a98adbca4e02bb612d5bc6fd650961e56ab2ed9b6a14164b33266556a01819942df404ba5de1d6a3386d6750e55de2cc8f13ed6b42227d1e10001ff3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f599b168620e71de352feefc5c95816e
SHA1 3c3915986ac0b0fa0ec718243d48bc089cd5aa24
SHA256 5b8724ab7843fae55d4b13a21529c31bd90a9443696afbaef91bb76468df8bd3
SHA512 e0a402615d081f532e25ee7384353d994eaabda8dd0e6b623e1559fde53bcd1749cf8a146f3766f0ff7fc81ed8c7f555dbad4e40e803e13a267ff91aa4ba8ec0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 70d3e6e244d286f5ec50419e7c507c09
SHA1 d5cdf4df246b4d8bfff2f643d14891ea7cd9ebe6
SHA256 e953c0fdb147adbcc0ad44440e91b9c4f628b5431037ca44e754ea5f37426909
SHA512 47b22ed17ddf9237ab7dc4e81f570594d81789d32e3e00f88f33b9ed362b6d762f2b3e4201a28c7caddd779d26f3175fb9b8bf2233ed23c875a76acd05525b00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 19cf46c38438a0ceff83236ecfc7b4c0
SHA1 5006b7908a562ea5460da65d8f1fd021b41968a6
SHA256 79222d9354216ba245dd9942aca722eb8a17bc1a3a8fca7756b69ffefb0949a7
SHA512 128865b69e214c1c4d323d2751c2d9d889dc64fdaf93a1a87add38c67b8c00a7e3d111dc3554471024f22a65c7d93ef847136eac82d74b0f4cc66649bb808c76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 5c2de968dd38a2ec31b32e4c3ce13635
SHA1 655d76e773767d7a7133637d55f6cbefdfab3c4d
SHA256 f0171bc84c0bd4daf24a7c93ad81b412bc2cc573d02f0760b8908a6f4a89dae8
SHA512 876b66d5079cd9c1748bb41760122eba9eeb346d7723308d22ae77286bd1f7443b06db1897fe223a94302795731f84c3e964154836dd381524135819ebfa2792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 6e374b21bda2a34ab9b59f792e18ab5c
SHA1 685d09fe3e72dcd965f03aa3272b980df120dd13
SHA256 752e09cee0088d0df2737a46cbb366433dd75b7310b3f32783ed8f2c26531fd8
SHA512 c7d913083581c45e2f9cbdfd55cc05ab8fd1471ee92bf6e67099e76bae54811f01ea22805f73e05c354d01844d76462d393f95c6ec97ffd0306766d36d782cf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13362861779763578

MD5 938cbfbf347679e5bfb2908ae21b2c1a
SHA1 1c17cd711555fb7f4f12fe61697b1b90e6f60eb3
SHA256 9090921a2edef9d9d6dcd6e45f05f4c61758fb11e30fc897e7feb66e4f223c63
SHA512 6ea1e078589db9a29a00f1f2bc3e7eb2e13749e1da0baa041af376c4d8667aa5cef21f9b1e051cc818a8373b47d61e70f55867a568c195983ed753999eeb59af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc5761a9d7df355d856f87f863667b35
SHA1 87ed3298f1662a7e3f359db9a402ccf9653cc06a
SHA256 dfee1838e784e21f57b1f5791ce613540e3fc96b1a6401a76f05bb92bb07139f
SHA512 16c1527a764ebf7d37f44f3cf6684c8b0f19a7411759639e3a7f0ed7e786ad38ff2c61d03d5d6554808b5f83cc32d2db31b0c9b9347a11a9a8eb4f7c338f1133

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 6e204bffdac23a85e8ff686f302b4aa9
SHA1 50e75ab3eb482683498746c5b2cb7cbdc109d112
SHA256 a9c6e1687ccc7d047333ca7e1c636b2dcee25c24254435fb10cf42ba2e396302
SHA512 359b3fc20aee006510fd9865f708b7380df6939b37f866bb835b000e3ee554e565ca6445e5061cb5b3ccaff3a4c76ce10ed94be599bcecac6de7aef01f10f4ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 b8eb6bfac0b410a0098e92786099bafd
SHA1 05b825573c990f2842e1aa8f1464b51c0da9422b
SHA256 eb80f0586e5804302478f28dc0f414b96e91be574cf2e718d217a6a59c31acfb
SHA512 d7c0af3388f9ba4f9d39e504019ae4ff66ea8d8f3eb99190d41b2097c707a791600f778d259b8a35ea50313fcbcbe517a78abb580526dba8f4a65e3bcdbec039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 cd07904ab8c7af085b9e32a3731a303f
SHA1 a958d0b5d03b3072ae42832b878433b70728e9be
SHA256 8db65112ba7e88dae903351ce3d891ae3d06664d4b7589568a775d652bf1d3c2
SHA512 5f899c011046a66d0f95f27a095d520f5223767509faa74806437d80cc56947ab52bcce9cf1a82ea68bfa0ed7bd4e33e726e9beb39d2adc550e2604cae891bf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7feceb1edc49ac315f30f3c970edd92f
SHA1 288497ac92efec2281613fb78ee3db6171ea9d43
SHA256 658eb3ef2220e23489bcf16c74fdbf90108c3f48763bcc28fcf9a7af704e8643
SHA512 b4054a28b697c09b46c2d2a85c888f123bf6819039e0ad30acd79567a084fe6cacabdb6aa7aba85df9a1b23548e5b792593ba38872166f6336ccfdc6d3b7b4a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 6e09d61e4d4977bde444efbcb2d52670
SHA1 d215feb4b769d533dfbe1b937e536e28e8c1fb63
SHA256 64914d9bb98f0838a74ad0ae66e228d938858b2046b353a7ec5be8d94c8a7ca5
SHA512 d8f3b363ee15ed140deed2f1439e369904b8d65888d6184df433330391d16b89459220d8066ff7ee6cd30590f3396077682718a5bc27af8e56081ac66cf98f6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 8fe71a42c1623bbf0cae58e86e6a35af
SHA1 90a41c8f2f1fd22e945811388b412e627403c784
SHA256 6a3833e29a1d2a29dfb155285d3bb3ee7ca966dcba9586528ff2309d25d013f0
SHA512 89e7cfa7f114f7a2091f6481bed858f529ed5a8c10e4d9e2fbc23108397cf047d835ec3cd502044235e8de7c16c802df8ed8492c2b37b0243cfe226b731c6de4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21a690566538ef6eea7157c3b860f401
SHA1 ac66f6b2eeb52179a7b72916bd116c80222f26c1
SHA256 be93df75fafa9b424fd68de00d17edcb095c397805661a15c6a3a30f3d4567a2
SHA512 f43227fa408b5af571df724b1230aaf98405f9276b0010ac53529bfd93dd2ff12441f5c83927c829233e56b26e1422e4d89d466feee20622fb9630c9ff52c024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 7b84aef658ddd4a0d88a21ae37bb804b
SHA1 af441552f14bba29caaf95bd217d1f472aad72cf
SHA256 5177ca0e2b1f8b38f32ffe76672a651bc9ce50d68eec38329b1ab0aa70f3dd1a
SHA512 67441068fc98fe8667c1937ee236c1eed5ee116584d4b455560374816db883a9a2e0bed3b4b0299fd59bdcd3cd96303ab76b0ec3414140e36fecb90ba7465508

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 095e07e374498510ecd6d3dc66ad38da
SHA1 bed98626dbf856ac51f7daa73b77b7c8c8588d1a
SHA256 55fd98bed43b5f7a61f9501384913e88770877458ea1e649d9df4fd000446761
SHA512 b84c73afac291d94cbee0fe90da85bb3c17a783c218beb6ee755243faaea218e1d7cb0cbf72c9c3114b1ce7d0d44905acc91e0930b87e5672573e05a3d6597a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362861855222900

MD5 5767de7c033b3eb444a4d96db86eec08
SHA1 b180f57642fbd7f9289fbc47af0eceffaf5ff580
SHA256 7e0f2a301ce74b05a0e8a9a11945eeb721205ccd3f5288e2a4a227f8908f241d
SHA512 fc0b893c6b6605cc7ef23c83d728c03c66809a4010d41c612ff6171dc6addeab0a6267e118aaf371079781b842fd88ea5f308edff13eedab3c4f0e0d2ea82b1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c548a537-8d46-401a-a7bd-f0fecd1b8949.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 68884a09f5e909113e598997a3e528fa
SHA1 946db1b57596f54dc0ba49f313dde1cf3606ca58
SHA256 0d968bca7996a19756f2061141f83ef2531f69a72e11776b3b11949d697c19cc
SHA512 e57226956464e5edf75bdad6aa92b4364dbf27e18a498cb2c00a625756b2c15c96aa1c1ed9e368b8d7e2a835db9b7ef32a2f7363985c34255896425df8660b22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53e70e98bae73725e480eeb83d0696af
SHA1 3258cd609026537c81466161957edc2b5421ba55
SHA256 3e2166639ee636f30efcd6f7adb7e22e0951c65ecb371ec822ef2d65ad3b52f9
SHA512 b17ebb3aa0c24ad912c4b2736f37200d580f971f4eaa7870ad8d13099f97054b9acc5bd298d3210416a2efe4979e9f7b8c2963b07be2d308d492c1fa394c5ebe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ea40fbf12ee48a027c63bb8635abf008
SHA1 22e4da384fb85cc0c9e04ab95f2a50a59f597495
SHA256 ce74431aa6d64428f6e7d48fc0679949413f9b48c83900a7e3ce184e4ce21c8d
SHA512 5ae711887cd19860dd50d4fe030d43bc3fb4d9c37e8e571116960697381d3c9a242f6febefbf832a6806b316426340af23b67920558eebf8203d4f5d26ceba9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e6f6676113f1ba479608ff93b68f193e
SHA1 d600e0a689dbdb9915318528763b500abd3a217d
SHA256 9e0949d093237669d9a211e903204d5551bb8761ef99eb1eb177858e7b07b8b7
SHA512 5c5f16061fc848d139158dd3d23dc5ef1b60194b1a454ed724d16fe78393f90caf3ae04049b51a7fc7c268fc4149b5b69cafdceb6b77faefd43c8140b04d1ddf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8e899ba5fc5fba68b239a0be4c84736
SHA1 7d85bff5859322b2ac76f390f9685388d70cc51e
SHA256 6228c0842180ea616d205e7ba1a6ff476aa6c912caa49fc43dee2c623bbd3447
SHA512 653e0f86851b38ff787bddfa297e804f7e321ce81d18b0f2de863e28a26dca6b3aeac4b0d3acac28a9d9b8ca2f16b3f8b402c2c3af9969688dfc1ddcf5df83f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b0fc39e183122980aeed752d277ace70
SHA1 13f43392249c43d4fac4c7bbff0a11392109f7de
SHA256 a8f478f7b818d1bc934f986c5b5cec67b1e4554cb5f34c595dcc94c682963c4e
SHA512 c7f8420388a8c6b2abf0ed548e6a1b768face89d9f844ed28a2ee9902c353addf23d38c7dcf8d503821939940b9ebb15dfc91835383ef25e483da4f4b82753bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 138130a5ffdcf575aa73fa61559511d0
SHA1 8b13ef6b917358e4637c926fd6c27860184f5cdc
SHA256 b886f87d4fba56410688359163e498e10bad5e80dba6942130e7f2874ba3c627
SHA512 ae0f486d597404ca21e9bcf3a14bbd716059432a15a7f62d554d2af95e2a46bbc5d71cd5deafd95dbcc10addfb121874edc35609074442aff773f66769824784

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 8a30c6f705b4c7b0ee52de97aa4bb9a3
SHA1 1d9ebde212814f6568d4af1cc6c5995a8e8e7591
SHA256 12680219f1d1d4a34831d58a03738d0fea9f18f10034bf28fc4bd5509a15b94e
SHA512 292b96bca9a77a6f86b1bb5070aad65c09764747177b0cc6e6d9c006279868fe7d295aff6e493ac829a6aeea672c4dfd41250c2231d96a4027d2d471349e3a56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2c44991c4c800327cc8363fd5988b9db
SHA1 8351a5f6ec66829fd20e0fdce0ebf46138e85cc5
SHA256 27d4b2a088eb1960b318f8ad32c1ec6de7a87d05eaaef2d882307bb14b308a79
SHA512 12b280e636512be7e115573b1bc42501d5fc5b99cf2b5f6732f4601d077a4ff3441a52fe19005eb91e56e42aa75531bfba659767f2b51bdee88a820e91364211

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95d45768d30c0d3a7e044f0b9188f309
SHA1 94b5a432928913ac8774aa6be50ee2e714c45efb
SHA256 bd95329083c97cc82cb95b30e7efd235d3868439fc4765dc8e0b1ea8b2bc00f3
SHA512 fe7ab76139d638fe0e9f00fb8f69fbba532bd10a324323066444eb86658ded63bc509b2b59421393a0003bede42a67536b3ae5c983c7edd237f0e0330a0273d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5285beb0561579a3c18c5ff1c3d5c58d
SHA1 4f422c4757b777d0fec3b3e1015b916f5d2345ee
SHA256 a9f5987433e21fa7a37b12ce8ec3d6ef26e1b0e5265074c633b70cbe92d31e4d
SHA512 ad87dc30ab57d8a793004e0da8593379156b99456c963949ebe53f8b4862f32dbafe723dc43f5cfbbc2c5a857a2667739247851aa96c3d1bbf21f8f5be4b5bdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 460d36c5767e97d800bdb6662ddf2cff
SHA1 634c590838c2e73eb05625972b9b3ddcd6a048d6
SHA256 7fe15a48d495e5e6f45bf7932403b80ba7c11fec274f1b92ff54efcaa5990fd4
SHA512 e693a352df7af5ddb16a1f874203b713b66e2dbe208619e3fd600a00929b60eb096f1b4899542577d890a9b568e85744ef7aba2cc60f5869adbe4cb0efcb3b83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a6a58b819e3a80cb10bb81faf1474f51
SHA1 c3671fe0ec33d84704e45895f13e74a5d434e674
SHA256 e884fde6ddad570ad85bd011730bf60b7376d1ece1f7244980a3830cb219a568
SHA512 dbde058c3267520225642b458bb5e514aff3b500141493ee2ea3a12e47117397c4a2351a6493cf4ad5793ec775d77cf6484ce13b09f41890c0084f83fd678f05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed1a48f29dc53908a40e4c1c78fdd0c3
SHA1 c608bb83c86fe8977bff88040eab1c2ae26f0d8f
SHA256 cdb169d68a3e0017285588f49b5e4dc9242cba1664d1e0501276a57afa773bd4
SHA512 1df17ac039b7c9b7e245683699fadf408473a5ffb43d833504f8c1f569e65fe3ff3048f13790c36e0da19f8accd864eb1d4ec364be6e5604137edb9b3fb02fa0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d74a7800046af21f8a79cd0f7a1b2112
SHA1 dc89524e918011c46b1fec052f5a702732bf1b18
SHA256 66ba26c8d86dd5a9c05b313d762cc11cd50e1cd66dca68aba7b1e2e1dc8f451c
SHA512 a5c35f9507f1bef4b7ab515232c1712b5cb12a54d445c5c5e86da99a4a00f726289ae883fc30d48313f48c24a0aa1fcd10ff84208d25c094ea3043dfc18fa8d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14813d9321004ac3559e4ec7cf6b9893
SHA1 5af1e3d5729327dc0e9f4daf60d7e2d70c60a63c
SHA256 aaaf5d84b10a2775557d20d702fa2f5f08920c387b60d3e3cff2c573414c9c6f
SHA512 3f66d91613401a7db1fa9d23b435df1c893fa657e63c6309c4bfe3abd5cbab0583d0fbf0ef313e810d3410d55e6b3b3599e979858c348f44c495647fd45b9bc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27bd80aae6a95c44adec91353e9358bf
SHA1 16e2dea8fcb455bf16ef7c2c412948941b000d1a
SHA256 5d983a364b113d252d28aec031b18ed67a771cf1e50a77e276a602b8d2fec202
SHA512 9734ec8ca2dc6fc60b05366f619053c213f5c275c56b5f92590b0a1b7f53fc5243fa792509c6435114994635ff64f5cbefb490133a890fc3eca9b70548b06f83

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 18951ad4190ed728ba23e932e0c6e0db
SHA1 fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0
SHA256 66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915
SHA512 a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6b4ebe233063c0f38659ced79afca5f9
SHA1 ea261eb2934b791443f93ba66729ec994a09d0de
SHA256 6300138229817f22cbdd82961efc251da8a4482ded2f63e14c9eed07c35af75e
SHA512 4bf8a9caa3e263fed190867ec2ec9cd531d8b48e0c058df0c1d56406b780dd6a6a58a9f2d23b73a27b3fe127251b490f906805baa937392928eba822ae18abcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e7b81724d4cded83ccf3014e0845c6d
SHA1 e3bde6bae42ee759cbf70f14b8b870c15e32cbf9
SHA256 5d2b8ca32b2d253c4f8d533f2714dad8c5d4bc7ad4e2a846ff6ccf4759421ef9
SHA512 63cb22cabf09997059994de9da6bcf6af5700b674727bcc541064fd54426c00f22d85fe9e3108868529264b390db6f99e36f2c84fbbb588b1c35497cd6697308

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 895713785eb0b5d7de36ec5be3efcd2f
SHA1 46e87405425c5e578c6fc40a912a9064efe4579e
SHA256 c0dd127f0cb2e3514c65f61302122cf20c502e0be5f1f785804cda21a7ea4a3f
SHA512 f95d766e47bc41c9eb83042d14721570a09a1d1dbf94bc5efd04f36912b6ff0cbd93e941124f55e1897acfb950026bc4085adc52ae13e0379ee15d901d3e8f89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b2ad32e07c6455d383712ca53df5125f
SHA1 0eedc7d10e41d972aeaeb524ce6a553c618b897a
SHA256 9c388448c1fb76f60d2052ff2ac3712763b63d4c1a380d6bb018a4704b2811db
SHA512 bf3e4ac78f6c6d8414070fa9ded13c0254a5cec07439087be6b4d5178e74db01f3ab5661707695eb58fd45f0cb64b2aa53a147602802b35c95523230560a8a8c