3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Analysis

max time kernel
600s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	control.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe

Runs regedit.exe 1 IoCs

pid	Process
5100	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3508	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5116	MEMZ.exe
5116	MEMZ.exe
5116	MEMZ.exe
5116	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
5116	MEMZ.exe
5116	MEMZ.exe
2864	MEMZ.exe
2864	MEMZ.exe
2488	MEMZ.exe
2488	MEMZ.exe
2488	MEMZ.exe
2864	MEMZ.exe
2864	MEMZ.exe
2488	MEMZ.exe
5116	MEMZ.exe
5116	MEMZ.exe
748	MEMZ.exe
748	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
748	MEMZ.exe
5116	MEMZ.exe
5116	MEMZ.exe
748	MEMZ.exe
2488	MEMZ.exe
2864	MEMZ.exe
2488	MEMZ.exe
2864	MEMZ.exe
2488	MEMZ.exe
2864	MEMZ.exe
2488	MEMZ.exe
2864	MEMZ.exe
748	MEMZ.exe
5116	MEMZ.exe
748	MEMZ.exe
5116	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
5116	MEMZ.exe
748	MEMZ.exe
5116	MEMZ.exe
748	MEMZ.exe
2864	MEMZ.exe
2488	MEMZ.exe
2864	MEMZ.exe
2488	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
5116	MEMZ.exe
5116	MEMZ.exe
2488	MEMZ.exe
2488	MEMZ.exe
2864	MEMZ.exe
2864	MEMZ.exe
748	MEMZ.exe
748	MEMZ.exe
748	MEMZ.exe
2864	MEMZ.exe
2864	MEMZ.exe
748	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2012	MEMZ.exe
6232	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 33	1196	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1196	AUDIODG.EXE
Token: SeShutdownPrivilege	3508	explorer.exe
Token: SeCreatePagefilePrivilege	3508	explorer.exe
Token: SeDebugPrivilege	6232	Taskmgr.exe
Token: SeSystemProfilePrivilege	6232	Taskmgr.exe
Token: SeCreateGlobalPrivilege	6232	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3508	explorer.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe
6232	Taskmgr.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
3344	wordpad.exe
3344	wordpad.exe
3344	wordpad.exe
3344	wordpad.exe
3344	wordpad.exe
2012	MEMZ.exe
2012	MEMZ.exe
3372	mspaint.exe
3372	mspaint.exe
3372	mspaint.exe
3372	mspaint.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
6940	mspaint.exe
6940	mspaint.exe
6940	mspaint.exe
6940	mspaint.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 5116	1028	MEMZ.exe	86
PID 1028 wrote to memory of 5116	1028	MEMZ.exe	86
PID 1028 wrote to memory of 5116	1028	MEMZ.exe	86
PID 1028 wrote to memory of 2108	1028	MEMZ.exe	87
PID 1028 wrote to memory of 2108	1028	MEMZ.exe	87
PID 1028 wrote to memory of 2108	1028	MEMZ.exe	87
PID 1028 wrote to memory of 2488	1028	MEMZ.exe	88
PID 1028 wrote to memory of 2488	1028	MEMZ.exe	88
PID 1028 wrote to memory of 2488	1028	MEMZ.exe	88
PID 1028 wrote to memory of 2864	1028	MEMZ.exe	89
PID 1028 wrote to memory of 2864	1028	MEMZ.exe	89
PID 1028 wrote to memory of 2864	1028	MEMZ.exe	89
PID 1028 wrote to memory of 748	1028	MEMZ.exe	90
PID 1028 wrote to memory of 748	1028	MEMZ.exe	90
PID 1028 wrote to memory of 748	1028	MEMZ.exe	90
PID 1028 wrote to memory of 2012	1028	MEMZ.exe	91
PID 1028 wrote to memory of 2012	1028	MEMZ.exe	91
PID 1028 wrote to memory of 2012	1028	MEMZ.exe	91
PID 2012 wrote to memory of 1616	2012	MEMZ.exe	93
PID 2012 wrote to memory of 1616	2012	MEMZ.exe	93
PID 2012 wrote to memory of 1616	2012	MEMZ.exe	93
PID 2012 wrote to memory of 3816	2012	MEMZ.exe	97
PID 2012 wrote to memory of 3816	2012	MEMZ.exe	97
PID 3816 wrote to memory of 4332	3816	msedge.exe	98
PID 3816 wrote to memory of 4332	3816	msedge.exe	98
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99
PID 3816 wrote to memory of 3596	3816	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:4332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:3596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      PID:1840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
      4⤵
      PID:3844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      4⤵
      PID:3200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
      4⤵
      PID:3936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
      4⤵
      PID:1764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
      4⤵
      PID:4460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
      4⤵
      PID:1628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
      4⤵
      PID:4668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
      4⤵
      PID:5004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
      4⤵
      PID:2944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      PID:364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
      4⤵
      PID:3672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      4⤵
      PID:2836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
      4⤵
      PID:1744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
      4⤵
      PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
      4⤵
      PID:2620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
      4⤵
      PID:5176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
      4⤵
      PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
      4⤵
      PID:5488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
      4⤵
      PID:5464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
      4⤵
      PID:5496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
      4⤵
      PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
      4⤵
      PID:5512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
      4⤵
      PID:3956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
      4⤵
      PID:4680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
      4⤵
      PID:180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
      4⤵
      PID:3836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7128 /prefetch:2
      4⤵
      PID:5920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
      4⤵
      PID:5204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
      4⤵
      PID:5080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
      4⤵
      PID:4048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
      4⤵
      PID:4900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1
      4⤵
      PID:5884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1
      4⤵
      PID:5320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
      4⤵
      PID:2912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
      4⤵
      PID:3452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1
      4⤵
      PID:1436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
      4⤵
      PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1
      4⤵
      PID:3760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
      4⤵
      PID:2304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1
      4⤵
      PID:808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
      4⤵
      PID:6620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1
      4⤵
      PID:6712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:1
      4⤵
      PID:6164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
      4⤵
      PID:6196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
      4⤵
      PID:6292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
      4⤵
      PID:6716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1
      4⤵
      PID:6428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:1
      4⤵
      PID:6520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1
      4⤵
      PID:7028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10060 /prefetch:1
      4⤵
      PID:912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1
      4⤵
      PID:1020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
      4⤵
      PID:2596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
      4⤵
      PID:6476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:1
      4⤵
      PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10156 /prefetch:1
      4⤵
      PID:7116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9920 /prefetch:1
      4⤵
      PID:6336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
      4⤵
      PID:412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:1
      4⤵
      PID:6648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:1
      4⤵
      PID:6904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10604 /prefetch:1
      4⤵
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10400 /prefetch:1
      4⤵
      PID:4236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10284 /prefetch:1
      4⤵
      PID:1740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:1
      4⤵
      PID:1888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1
      4⤵
      PID:7188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1
      4⤵
      PID:7600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10728 /prefetch:1
      4⤵
      PID:7752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
      4⤵
      PID:7884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10680 /prefetch:1
      4⤵
      PID:8184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10384 /prefetch:1
      4⤵
      PID:7216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11236 /prefetch:1
      4⤵
      PID:7748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1
      4⤵
      PID:7776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11668 /prefetch:1
      4⤵
      PID:7384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11792 /prefetch:1
      4⤵
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11728 /prefetch:1
      4⤵
      PID:7648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11892 /prefetch:1
      4⤵
      PID:5396
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3344
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:4280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:6008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:5576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:5628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    PID:1864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:3308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:1160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:5288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:1404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:612
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3372
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:2436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:5444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:2616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:2628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:1764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:3032
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
    3⤵
    PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:6548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:6564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:7136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:7152
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6528
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:1580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:7148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:4396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:6852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:2356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:4736
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:6232
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Runs regedit.exe
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:6844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:6552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:3268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:6928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:6400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:1792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:6380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:7532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:7548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:8124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:8136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:7660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0xfc,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:7604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:7932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:7240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac0364718
      4⤵
      PID:7704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:3252

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3508

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c180e2ffbc121a3_0

Filesize
432KB

MD5
0cd89c4dadd70c4b719f8c1d56ed01ce

SHA1
bfb622a10c87cd7f8b3c4ca0159a632310b29bf1

SHA256
e17d3d5fecf33b81e51dff14b6114b411a68ecdd641e085da6e35f6081571a85

SHA512
c0276e7848d1133256e25bd89d6bc79f33c8012ba469130df3bdab3ed1570dbc9a10c6bb6ca4bdb27f2cd6ff41dbf3cc809ff54b41b4ce15f3d9d916be6150c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f528c729230d4ba_0

Filesize
288B

MD5
0531dad3fa7faa2c881a05b1133409c8

SHA1
a03568f16c2db98fcef11d3c359aefd09da1cf1c

SHA256
1a3d83882622002db13363eb1fb7073924105811c2427c50c60e16948dbb5114

SHA512
1133e93ec540d1b9920a89115a5313ab8ffe610560fb261c55e8dc6a4ef8bbe1cc7441c856422bfe8ccefdad087a10dccff53e10e94830bed37baa19c36b0524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6723311ae2cf5f1c_0

Filesize
19KB

MD5
819d9c51513aa2f15528d9fa76a83211

SHA1
5f301f0e3c1c260d6de607aea27689b063ba0d79

SHA256
0d6e33cf51cebb5927dcffd710c7b0724521f7a22b565fbe74fbce48283268f2

SHA512
959423c4796b70700c9aa5b8e9750614115a5d1f23147e7549c83afcc7b2e199e964fae0336dcf4304562ea5d3048bc3799814a9be4881e0c343ad942f2d4b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7add6f93ebfe3f7a_0

Filesize
422KB

MD5
6f91011f1bd740e3e67120c4ad337f72

SHA1
123eab9ab2d3ace138e28b076e53d29e5abce7f3

SHA256
0b774c9313e07312d6ef82235957704b6b46bc22124bf6f975c7b42cd2dae1b9

SHA512
88f5201325f840e4e63448097e8a37284d564f6ac9a81290cb6154a444e11832865961ab8757dfa73accbf8bdf9defc84548c60d7c0ff323aab1fc6a77454b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\93d331e3a37e934b_0

Filesize
288B

MD5
5e5724d3d01b9f75175f3453f947b6bd

SHA1
4bdd0c3a0fd9f934262618a4867a46c340f411ca

SHA256
067e1f064792883aaa9c75464c59a652f7fe9905a1eaf4b9e90e871f1d64eaf0

SHA512
b0090f826e60795a37127e7ff1a6ecef6beb1c373f602860bc93204a0b9d53022b7e32ec9ebd23a6fa53e19ef084b328ab7dce9f4dd3c15916e798274aaeb4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
3c2824093feaa428a72b3371644e7601

SHA1
2549844b4ac4f7188aed58bfa1522659c9bae7f5

SHA256
1f4ac977576480145161480a5608dc0ad7344564d1b6d57a8704954fc8adac33

SHA512
d9979b677108088cc97ad2bbc53c9443810f3cf1e438beee33b9bcbceeb0b034d5fc2c7e9671a21a5233de266266525c3bfcda2e708c4544de00ddc42fd7fa67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
98d634391df760aecc0a165a42ab47ec

SHA1
37c10efb6d7054b006cbb2067b338ce88bee3fbd

SHA256
d58de34887cf27ece6d6b6f670906f476636076b6b6b2560c7c50f9c0380edf2

SHA512
fac585488fe45f409bce4dfa2abc8f8d98280ef650fa05cb1ae8a83fe6ba4aff5ae455832c2d1b584806ef25139ab0eef402197ab4b44dda9f392f8176ae540b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f8715e1c7d20b8c94fc73cdb8e3713b0

SHA1
f95663be4c66330d347d017bb686f08f26aa2e41

SHA256
af155ccc6548c65f2f16c82a0449e8349961583a76b6860cfbb11ac33519032b

SHA512
d7607d582a10e15f568ea7167d13076fc66f34aa5b4bd9309b87d7fa3d37a5a81f84ea46c7de4ca48ce92d4c76efabd0f750d88597cc667e97dde05e787320c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
143c0e22fa0d4088aa3cdced8f77b116

SHA1
139a1990ef48ce0580013b6136c5791887fcab33

SHA256
e07e58e9533f7762333b1ddf72d9f78b16532192d3083230b832e8d25436c91f

SHA512
d4c45d2d435b0444277f86a6f2f33a8bc93c9273387514f3cbca3ba7c0bc0d53f7760878a763e4b19dae0c7f9b712109e1dcbf07ed8b9f797c073a3e648f5c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
faca54caa4bd30bb670d24ebed130b3b

SHA1
ab44c3df6ccfa246c014893eac21ea647ebcdd66

SHA256
c34fb405a0cb77940d3a5b2e4648b28b2c4d3ccb339a3538a3f8a15749cdc9c4

SHA512
993b270adb717913c5011a117b5a0d14c934e3c270fcf6da100607d9ede7bee285753fa9843120c68de2dd47cb96def8cb81d2e8a8fa92316b74a33d55248ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9b3cc025380f7a1d22f57efa33344b00

SHA1
1918175a6c568c43d0399fbe4acec6ef3e29bafa

SHA256
d799cf4dbc86df21816fcb90d03c6dc2ce50fbac5df86526f333283e6c38cff7

SHA512
37a0a629890856579fc401fab005d3b80a15fa27ac79c268c538027721f0def61f13305c183c165da4780cdda8d717ddae54023d7643d12cf99b4d72970557ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
26ee74f4422e90f08d3e9311cf93f6e8

SHA1
bbe090a9a1182bbc4cc8921cf1c60f6a8a62c85f

SHA256
1ebadf00d2ede1827f9faca512e88153ab0c3990d43eb22a3f65bbdf0227428e

SHA512
63fd0f8d77a346eba222676ccdf25c68ea1d7ccbf19a2787c4e63009a0071885233e4faa82dfb0d92ebabcb0b8d65f56db4ece3022943ad99aefc193943b7601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c773464a5d75d5a48b44ed6f7c99e6a5

SHA1
1624074f9f4652dc4276bd6bc07ffb8880caeb07

SHA256
63fe3ee949dd72a6789e78f8ae31f7832f641ee1b67a42da2208aeba0292036d

SHA512
14898be4860759691f21014284f34417e014ba8a4768055f550cb6882db5176375c0dbb95cdfe52033819b57de3a9844fc0643bb53e70222c68ae12b25f0595c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1be400ae3f1d22a5bda042b0a8031cfe

SHA1
173cf95cc09b7f300ef10fb68c6bf6cf9e7d6d04

SHA256
769ced8f8917c96679c9b5cc997299a29fa7f82a83a3dd433f9e4236003cec65

SHA512
95cbfb686a74291ee7759f3fa0dda4dd8882efe8c7063e42452754cdaac0997dc2ad3adf519582cbbcf8449c8afd8349db564313b0863012edbe6a72a5ea4d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
604733f8b61354e9ced08818ee9e54b7

SHA1
23c453256550714f581a3a265dcac3cb5606579e

SHA256
644deb0520e9f6f8a6d0995cd80318e06c397cb6ae0e0715cd93db33b60e1f12

SHA512
cb72e44bb20b8e1035c3aa65353848bb203184c979d4db4682de1a4d22501a5829f7564ef9226aa647e1754edcf10b560b9156e8781395944837074d72ed8384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b72fddca746aee59e040d27f05dc0899

SHA1
948ad976c9ab751a3cffe78f2304197b62aa4514

SHA256
b47777de27365b16bcbf52f92622c52fe006ee12398c8df045494ef201fe8cff

SHA512
ba696f7dcacc7f64ea46bbb8a5132194208740b330ab58b11336fb579673c5dc17b804b3df3cdac2641de7f1c231b00a7468fcda5935ba620abc274a3b125cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cb785c9072144f951cb31c6b34357a81

SHA1
82ffc52bdebe4440fe086d8466cb77e5fd4ea2f1

SHA256
76995f7c6b24cb6475303ddc8b538a7477c8fb6f5beac00aad488782412568cf

SHA512
2b94c9e37d005ffd652ca2ed01a577f04e545ca64aa12148611cff7f1b0604a63f3006299c53293fbb2ba333d2227eb5419ee51190d1b1613fb38762e2d6047e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
ddee7949f00470b69e737a7f576f1205

SHA1
f064ee8ef975aec8df4c00d98497366b7c7f2638

SHA256
a069beaf977be1eabae3e1cee6d2f529f779fadbe0f29530ea99906a4a619458

SHA512
0e1e033dc008d54ddf023da209dadf2281dc0e113b52735c632da5cb8e58607a83257a00ab95162d5b0e3361d0e14db7bc135e5104f8a0797fbecfecd87368a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
c1e7d2a4c432f8067ebd52fa4467a728

SHA1
1c980dd8f61f9fd3b5f3646fbf368888c4157695

SHA256
88f13e95ed20b63353cab128e5e85e9bf0c29780518db34479ad71d5524d1713

SHA512
6aabccef70fe1c2762388504409ac804a9352ad26d4d07c94c35503a90e3bd601a4f0631ef2952e12299616368d7f618104a3a10e07a4e80f5e877c886766e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
20ebcb046b4829d8ca8080ff8404379d

SHA1
443a767e67951cd30a6fa4525f9217f218a5e39d

SHA256
24beff4dd7b5ec46f7bdf5a4c822aac86e22c6dead19c506ae2147198efd5d0a

SHA512
d1ad117e54bc71a1779402abb479632ed52585cd41b7b76ce2bd6963908a0c6b029768216f7aafcf3685eebaefd17afc5ef921fa948852192dbea3a1a9e96349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
fe940a328eb9e2a76a2917d4f54bbca6

SHA1
5349b7b7e7250015f76c8c8714080846eb44c659

SHA256
ae9a0aa16029d5e2eae66fd8e43ea36e93446753c62a190d6e64f1e4178d1b31

SHA512
1852363e9924d48815e03eda7a189dd518958e8eac2c98b1bc991b8559c5b66ebd683bef5f3d9b54f0497e00f4ffadc4fe8af62424b4753ee16254edc2b052ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3e0e83bc4124050c62b1550ca293ae9

SHA1
7d27a9c220b803b957d8be948e0b1e36332e0104

SHA256
3b1022cbe14fb462d8e9f1170481f89b770c992be930578d4f6df0f478b01d3f

SHA512
fb82caa5dcf592778ae6d2b057e8e6c527f978cdfc97ff7d838d71b0955757d1a2608862554115d36394bf3df66fa10549c6aeea70ed31901303f3096f1a4371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a27e1c4c409c8a4b650ab5dd558e16cf

SHA1
c5910974483f0cebb4713d7ef4672dd682c6c4bd

SHA256
697b3b2fb1842eb521202992459c3f536e131df48da3202a5f3e22bfb389531c

SHA512
82205537dfcbcde1547c6ae2372ecfd208e3ef900c0ada366ff36c7d301b7402c8a825c6aef76f0a70d68b61d7520bc6fc7823174cc04043ef363b6263a4351a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
dbb48fe27cbcf52faac531c103815572

SHA1
6c59fc6757ee0dd26845feb40134330d593929ca

SHA256
c8cda71435d6409a7a0cb11f8d0b5e5fb7e3334ef59385c3db41e2a0531db262

SHA512
8fa709f3cc85972882dc8da672be625c423692b0cd1f2354ece233502b6de77a391a05f142d36daaf3311d5b3154b3888a0b5a62f5ac92edbe8b0895c7055598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
79427e0a7d850e45610c231faabad9fe

SHA1
012fbb6a993b9eb2b9ece962437f2b4029f7e0ff

SHA256
2b1af909376c7a43edfed20ae332df6fe475e867ca0341cd357c0291463901e7

SHA512
dc1db361fb7b07445b462e9718129775a2df19c35ad409af1bb3c3b4c7e589af08bbecba566d941c0b41a1b4dd8d380c2db3d06038f33cd78a46987db0695e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a691ed3820e31d76c91836438978fabc

SHA1
7cfd57b4eb7fcba64a8046a40e61f50dfb97bd04

SHA256
54613ae1f960b0f86feb5156f71ae8e082d77625cd0f012f10e90ab15a899c6b

SHA512
90847a0b44338d25cb3ad65a5d1496d3afdc0b2a190331a5326bee429abd7d1e588a2d71715e0c4602ac24ce2ce15ccbaca0a67e7e24715c6b0b24d8dbeafc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
2eb7ac930a64a454eb2fb2dc2b00da48

SHA1
13c0eb9a410678fb7d6635517fb8874e3ad538d8

SHA256
3fc623f923cc68a6fd8b6c43e87b30a528b1281bfb6bb7c4da5e91bcae1b510b

SHA512
024dddcfce7541dd5e5e2a5a4ba4d09a120e8b0d5c003defa951524aade76b5065a10c2a6394579298381279e367faaa752944d85df743f51a2cc0bd26e29531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
aaa56b031c86159841a62466ac09990e

SHA1
47575a3c8505748e95c0074bbd295e96609c19c4

SHA256
404a2649b5c26774446871c5e806b249e508e30b485e5064abfeb2da0890b0b0

SHA512
03eabfe24bdfffc22019b22b988d2142e8ac9ac52503a50c75be148b85543aa8b55919288df6539a9423b85368474287fea4745b82c9d31e13d2e931d7d6f63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b9ff58dcbc0e370df156bd721e9c7a7f

SHA1
e117b6bc081d95c0e7100b1500b27911dc65cb79

SHA256
e9973e58d881a68f36bfbd68a9f96096c0039d8fbd0fb1aae41802d3816a950d

SHA512
39db08a690e86dc1e313dd3969c1cdca7c093a312d5acf82b5a492cfa85c83e8f2130933de4957f9f1d7a6afa76606c12a5f997dd7d08dc39800fbe7a1eadcc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
e51d3a74bdab019bee30e33036dec213

SHA1
f9f400fcc5ed89eb01076b5d34f5b16a14c01d55

SHA256
5002a3014bea2d50adb6b99276672757fe71a9f01069ef56352a79d819129861

SHA512
ce6926880d183fd0ae0c7801ce12db09e04f5703303516cb9cb21c3b0848bfe15548b73701a9216268c1b926c43ca50837a3e4a3fe7bdf3d9551dc48bddb8380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
5d5caf4a1aedbf3fc62478430b4c218f

SHA1
2f03fbdc252ec8a268eab25a4221db8976d310e1

SHA256
cf79832c610fb732085f9ae73823d329dd7bece690eeb3dab24daf603692b4ec

SHA512
3268929ba8a043185ff1626c24089676b92e259feca7c601c7a71e0fb3af705baf7b3f0e4179cea96c74bc1ebd1e6fed6a94c34f76a32cd8bb0afc28adcdac29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70cba3cf7f181a73b3eda11a0b31c2b5

SHA1
3e370cfdb2502f688fa6ab213b54cb9b58791422

SHA256
7ae8fc117ff23d9a1fced51dbc367b62b38be8169ff11ab3a65e055ad89eb451

SHA512
b25ae8ef99a449256483e55176de35a5c572f6c2bc44306aed1d3ab9637822d06a3574b4768468206f41a96efb492ffc93703557a123de9b9342828ba44c65d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
8416167a75e1e5e4e61742a82a17073d

SHA1
719d94e80f9de822a2ed918b49c5966ee595d1ad

SHA256
6ad7804220d300d71d07e8fbab60c3f107bd4b508dc367952bc78642737a3e81

SHA512
5599d6ebd1a1a7185db454e174e6b98a2d1a9755236caf942b306288bb2c2270a122fa24fea4ccc7914f57942ef4cc34f1af4656ccb5d1f0465f23692bb9ba15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4132397682741088b0880d1edde4a2e3

SHA1
a0ced445b84eee0eb0e3d2938d064e1527a6a781

SHA256
9718edcb8025e876cb6d2e336431abfb231b13b880c4588c3b6eee8b58e05d33

SHA512
dd3a67066cb4cccd91ca2defc719770cba8ea633546716cde21ca45cc9e06a33752d731f70f750f99c8289c586cabf841b0e42ab2b44c3c3e2fef7dade059e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
7cef14b2a26a038aaee08468590823be

SHA1
de245e2cdb111993feb28139f2eb48f4df5ccda0

SHA256
fd6d250ea532f7dcffaf6fede95e064da3151365f8c11ef6b6855331f5c67c5a

SHA512
64cfb08962e27f0ff7d6e20fa9334dde2964137bff2a210f06d8586b54ac4425d2ea3996676b651c843ca787f5448b3d36e2cbc5d8cd58aaab2372a57ce0dc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
5bbbfe12564983a0a4f9f1a547860bc5

SHA1
9cc5fcf7d3054d5510154596176dbf10a926c132

SHA256
0298ac35afe4301451058391d7da02084ca148ada93e96eccabf8ff4d8147daf

SHA512
8ba31db034c4b110eeae429761e4be84ff88ebf827acb915a14c1f3f713c0dc4e3291c311227b3ad01ca9fb5da2fe10cc36152fb6817e67eb77f9a712b8adf50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b058a0c9a81641d372f7c62574de3d88

SHA1
509ca6e830ac413c917c1a6b40ef68fbef2c11d2

SHA256
d67b739ae5c7d160dd71aa327dfdc44125e7114bb26b0c7a9a471fbb8f9e8869

SHA512
f5392ff4a671d5604e308c0b105128b580051d322aff2a6b700b34446d040554faed0cfb70417fd6e923d144a8c84cf94ce97520d9c4cda996945625e34a10b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
472b0e1af8d344c735c6f92ac0009f15

SHA1
8d59789e8fbe7c6ff1540b161e45a963e0de6f7e

SHA256
35b6f29907f249fbc8fba9edf371aa47871132d6dbc78040a14efdf3a7da9837

SHA512
a954a764e2d30651d752a122d1eac47855915a3743ccdefcf996ebb9cc91b5a924d4b1ff40d9c42fa0e6129278295026eab720cb1fd71549b78c8ac24fe1d96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
d8f2b47ca11817f024fa55138a45a716

SHA1
4bd74820f36c125383990781c60439e6f19613de

SHA256
8bc7453f5cc1b8f1e4ec1de83a374b594db2b4be40dce1936fc3e291b6ed67ff

SHA512
adba23513937151efbf106b5a558565398a2f3e7a360ddbe46cc8a6f41491147bf045d1e30ac8171e9e10e4c58675fc4af455b54bd5c4bb6b3eea68905aaba5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
0d582ee72d84c132cd759546f1fcc193

SHA1
9bbd6264fe4507949615b2cb05de8bff74b0cfbf

SHA256
657445c53a068d4f90f71f160f52ba8418175c94a22fc2c2bb5aeeac3a945ca9

SHA512
0ac176ba9c2b7847f60561e348906b849f6e71a7145b36c5aace2fc9ce92805a0d3107edc42981a0012ecc683073e58000fdf4149e2fd467497b6d91d75bcf09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f4497deae939beb6086d0b1f065fe960

SHA1
09ffe88c06ecba8d18edbd51b1b73f7420d4141c

SHA256
30a0ea23f5a42793a89e58951b3df09d62652d490d095c873d17dc8bd6df23fe

SHA512
ccc176b6a786aeff19a6445268f714694ba6a6ea1f959f48bf237fc3037e224965dbad728a3c2d0e139b651322e8f59cb13ace8817a6bb9c7305c8066eae7dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
18cb8adfd059b9056c4d0b97b8226d46

SHA1
594f4adc3e75864975837adc26f002a208af7f6f

SHA256
509b034344c2dc9188594f98dbc81cb7abbdf182e3bd26bf52e2b795174a1cad

SHA512
423f295e95da86e675017b52059f2ffff623ab59b38b759d81ac87204439d6a54876ab387804db3aaa770430d9f18a017b913fc5c763b1234dc2652341d8b34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f98e22118635b1435d2ba5fb60d54215

SHA1
aba417536c8b12f757883351416fe910de1abdb7

SHA256
af92932a4cf412e62c67281ba939c4360dcff8bae1868b89741cfe8bfe219adc

SHA512
61a80dcf7bd9ea60d6ebebfe5a0f6a9a9529a115756b22e03cbdbd290cca76f2b780340ecffa3ccf6c4df96b811db11cd1c3f8ce8fe4e2ceacadf35772a12da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\fb6d702d-9844-4703-ade0-e2119c2e77e5\index-dir\the-real-index

Filesize
1KB

MD5
d02fcbe4359f2ca1ff907630fa34795c

SHA1
16a680cd6a584596b7cd34b7264f8623c1fb7dd6

SHA256
c3fd137e287805a8a4ec1e293967e3f7e68f8271740c668f4cf895206cd235e6

SHA512
8be33aee642e71731f8017c9f2a8385aaafa55f1223be5edb3f90636a5ea5cac73c5b3957ae9c8d80b0e8c6426e8b2971a3774546d464848fad18658a7a09da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\fb6d702d-9844-4703-ade0-e2119c2e77e5\index-dir\the-real-index~RFe596901.TMP

Filesize
48B

MD5
e5f36b795616f31a1d75aebdc4a75f74

SHA1
c4f1a9360352dec32dbb90f528666fc5a6ba20ef

SHA256
b0c396a651a7a00125dc02b9226d0723cbb377e2bd114b7087e7f72ce8163810

SHA512
7f5129610bac64d0c6b57b8ba0aebdb6560d23ad8c908dac868b78ec5bc41a9a73efe8e13168296b3e7f1320a0ccc82f553b0cc631ad5db4025c83f7ba005292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
115B

MD5
b4dd5cda4ae7e5ea21e0a348f714cafc

SHA1
c61b97b044e347082c63c910da1b999dd80150d6

SHA256
0f50320c6e5405700b5d2f7afbdfac366b802efcc9c7a92c81fb8e1535258cc1

SHA512
9d5c713a382861ce7c5aeaedfe438fcdc7f1757bbd040c06abf83b7b9b86c55c83a940f0964ae912fe30f1c3865079d820dd22df5bac49da0e437f5072962041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe59693f.TMP

Filesize
119B

MD5
dbf8ba169390207a784baac32e286ef7

SHA1
86227e46194bdb9c440dc1cb144919d80633eed7

SHA256
32166ba762304d32742808c33b6706a1d430c25e8762f05a0447bee4362a2da5

SHA512
a1c8106f1269e2ef8adafc1a6e430a4fb660ffda78969226422bb9cff6fd34e82ba87f62334c759892828e12c85692f7feceab6111ee5de9d964c958ce4be9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
93db97156801c3b5fdbed153686fad0f

SHA1
017a0d0bf4b5e941e4e6b250576d1779e3b7d85c

SHA256
8eca08a8a65a82dfa6de21596551687ad01f9dff84714a3fa774147a3789c96a

SHA512
cb564c17c48a5d208710456f9e92ffa58e5d32874b098323a53949aa2ad8f11fe278d93dd01087ad0388ca16437ebb64236689755c6127f1db47b84431bd8b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59624a.TMP

Filesize
48B

MD5
f5c68fe3bd2f975110e659fcd0918479

SHA1
1e9498ca5c7ec94670743d1701204af6a92f8ce7

SHA256
9cf4af8ee1c6b3a082c48c26b784c33c418549f8665a39ff2d05c88707d235a5

SHA512
c20421671df4dd587d7c3f1f4267bc97b3987b0819d84717dabc165e48a9f812bccdfcab646edef80466106c8e0717912489e85f3ff9a36ae066e3751c595c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3c9ee24b473aa3337332663dccc76802

SHA1
5087fb77d00716016d6db641140c305154d091bd

SHA256
23d00b7ae7c68c1972ead760bfb710c69969a42cc9cb9ba301de07b231794bd1

SHA512
09f4a1c9bebb394ce6bf6e1befdbc21ca51b2c1b7f64c0d6ef6fcaeb5b9c9afa9359a4a1da765bbd78518a7163c106bb6a28291c21c532bdef6b5cb771541291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
27ae66d2066821c9f2dfd5da91510bf6

SHA1
1e1cc156a7e36346963d5fd3bfe231ba3232e0b1

SHA256
188fba000f24f68e0a7551b9b530f776e7ddad4229351a31cba43779ce24ba53

SHA512
2c63dd61ce4aa3b30051a0d958635a7f23b035f5f8e0c639ff679803b478413e798f83fe0a27f2532854ddb9499e46a12fbb7df528d667f2c641f184aa45a3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595f6c.TMP

Filesize
1KB

MD5
37a7a7e70eae9021f6a44e18077600cc

SHA1
856ec862a578a8c33c75be4e31aefee9561c8e50

SHA256
6e688ba2de5191069fe9bc0f40089c88034b49f7c23b23010755db009b0c11ef

SHA512
fa541670b3f21ef0ef1dfd27769ccf04bd9436f69ed7a12ee43ca0c1fa2ecd59ef98f1cd9ea9aadc43754d941861ea85f1748cbe3b0688b2ac969d176ca8771e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ad6499501cc73226f56da09a8a85225

SHA1
dcdeedc9e0e8c4c7a6884b5bebe427898593c64d

SHA256
1e6c55df582a71ffef1daac361f504b3465640b9787909f95545e5dc2d8e5e57

SHA512
bb3172dece41132e179656b8de0001313ffd8446b38af4544d123302770c9dea4b6a8c9da8578c0d1cba58b914666c8110592b2d854ea6b4caea65846b22237e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
543187f03a81c2a3ee83f8f1d671dacd

SHA1
e22569c68ceb68124ee6747d31013db39640289e

SHA256
f0f0df5ccffebc83c35fa9279a6a99b158f69751209b20af0be390d1cb1c7386

SHA512
f331bd465a18449f6c5376090ca2e7772c3ac8e65d54403391bffb8c119f9145808039380b23148071db907acc2625464ee7dd7b788e78b2e2857a649565a643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29b26a466a49f144c5b0b4511ba97c5d

SHA1
a7434e0f5ac2d67290993464e819b095df381dbe

SHA256
e2b28f81a426227be36af607b15c198c53a241a682f567c21b2c94556b9df51a

SHA512
7b4b95605daa4fa3167d75cb393e40025a3f3624ac5e4acf757ab31906d84f77917ff50a6251fb9ba76676b5afdc5fa55cc197300924502bb0bad579fb875fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bcf6690c29cbd01b4b7918abeb2f17e1

SHA1
b7337783daa30a48c9814b0f2892a4b7200f6279

SHA256
97625d444f9487c7b44b72e6450482879abd9aaf936a3b26f17d52d60e2f296b

SHA512
0858df12c93ab19a8cffcf3e42d7d20c17dca3049cb904dafe1e08fd1af060395e104818ee7bc5477367ca9015a2a33e574e9ace832123be7fdb173151d16dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d2135c1f138cbf7f59ef3619a46a2e6

SHA1
4fe220281889ce3f05f01e1ac437148189768011

SHA256
4eb0891a8da241b75d3da64daf4878fbc06b3c59043a1b95bec95d58448b355e

SHA512
155f45c96c345d4c02218e0fc8a5cfd8880d1f2a028c6ead2900fe903c4903ba357fefa1332089a586dba8c8c2932e4a618821d3920b5f2aaca46ac047bbcaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
44bacea3f695eaea934d9d997ba1502b

SHA1
70c826f0933e3c6a0dd4b3355963f41eb79a982e

SHA256
e944a24f096d45d6065001d36bc023d0ccd52606c4d2299e91001182cd62db98

SHA512
38117518d8f2c1eb178a0f1fcae182e079c95e788225012f13bf51b80b3c7e8747ad3ea486a3e8835c81a27fea20ff0c55750d69febb95775a088bd60cb86eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
666ce2c032988455e5ce27d0ffb2ece6

SHA1
4d410a5169c2b780f87823eb30f6acea5021ae8a

SHA256
c816a3802905a64963372feaf4218d0be7e0da0ed22b3f013f39d440d72b0cbd

SHA512
bea241261f46c397e0af0d3b0580b344baaf9aa3add48941b9bea54edc5ff926e21043ddbca3c5e334b92b7a6aa9ceedde750404b9ed92a4999ffb0eb82ed049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8bfef11818934b8f54e2592636633982

SHA1
2b96d39f17ba33ed060e4b5d2ac371afe86f5390

SHA256
87c2f474f47d12fe11d4b373041ab7d6e30e79709abceb7de1fd8f60ff7e3c90

SHA512
da07be89c595c2fb408771a7609b8a2f8dd616b33b72fb72d3863726b1002f8b23bee6a738419ee64a91faab4bd703ef28127e8f427e583fe807064a8e63560e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35db7f6406bd38e7e245a597945d9683

SHA1
e92e0ce57294ddfa88fd54757af1772aaf018e8e

SHA256
152c6bea48ccec51ff6482a09fe8cae5133fcc442f7d2eb4f91ebe2fb6f04f12

SHA512
ac34d3510bfd12d6ae7fbee2ca3d516bbd6e1a5cb59bb8a3be3f1c85184ed0be8aa4875a47d24deed7856d640f4c818d842f3596c993e653dd1079b2601af871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91f7c6a2340def581e593cb8508afa07

SHA1
43be36762cbfeb959393e84e82f6aee25d51755d

SHA256
5369f443ff034b295f59216ac243bb04213415912b794c86b9f6b593c3ae8327

SHA512
960c0e422253c24346a1ea8c58d80b054f338ec82eb3a0b9b302e01f8999772ae2cfd53ad1955461e2fa0f74eaff41b42f596ac5eb7089fe7367dd40e845f507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f34880f46b2e068d8618dbcdbc15e7b9

SHA1
841851c9aabf137b11fde0729a8c742c80e5eadf

SHA256
8460aa77fae54b77a8ded1571a293dbb06f4c025dd1a9bc4838ae58f9845cd86

SHA512
61c84b08c5defcd28b718a10684595aa52ebb5f662cd28b167bc0d78e9d68f5f0bf074f1b4835a787a2b432e0a50fc7e706eb7300b3537605be53fef8707df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0105cf82b7649dd63fe34ff9c75d407c

SHA1
a25d02e992195dc83dc27ecb20d125a0d6e93795

SHA256
7e44c9baa18959fa64a920cca3e4b112c4992a3f316de72c0ef4866538973712

SHA512
9ccb3975dda0c80dea2e1a03d186827800111fe826de9e9cac9cce503312e8cec7ee33bb4d7f8159358a4b6830c19cfa0ead2d01306d48ccff97baadf7e2ac4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
677a0ff7b09508b0e0155f5b1904d10d

SHA1
050f93204bf771dd8b746299431633cd1383cbf4

SHA256
dabb999e672f2b4de90f75cfde5cbc5e56aad2fc1239d1f7654317f4180b7921

SHA512
8ab13272fe1dd09ceaf470e7ecee51f61d00ef7297a58f17a0e3f861e05ca18abbd793d618eb276e6896378fb6819d1a459ee6822cbfa2a4afdd90304d458945

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
1KB

MD5
dcb207669cfd5481c0636b245c03081a

SHA1
8705c67f45df2fe982b356c32f4c8cdcfaf84af9

SHA256
3480b0c992651f30eaec34b0ec474c95e886ca1bb829bab06f662b74caee4564

SHA512
f1d017923c440d98fe1acf09810ee24499ceee346e4f4cca4e42173b52f2cf5bd3751d3a8a034f6e63485faa11b3728d691bed607e4c2f01289356d5f4270f0c

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/6232-1347-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1351-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1352-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1353-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1354-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1355-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1356-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1357-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1346-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/6232-1345-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download