Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
600s -
max time network
602s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
06/08/2024, 22:39
Static task
static1
Behavioral task
behavioral1
Sample
MEMZ.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
MEMZ.exe
Resource
win10v2004-20240802-en
General
-
Target
MEMZ.exe
-
Size
16KB
-
MD5
1d5ad9c8d3fee874d0feb8bfac220a11
-
SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595
-
SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
-
SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
-
SSDEEP
192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation MEMZ.exe Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation MEMZ.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 MEMZ.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 12 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regedit.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mspaint.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DllHost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language control.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mspaint.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wordpad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language control.exe -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 Taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A Taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName Taskmgr.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." explorer.exe Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings control.exe Set value (data) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" explorer.exe Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings control.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." explorer.exe Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders" explorer.exe Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer." explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" explorer.exe -
Runs regedit.exe 1 IoCs
pid Process 5100 regedit.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 3508 explorer.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 5116 MEMZ.exe 5116 MEMZ.exe 5116 MEMZ.exe 5116 MEMZ.exe 2108 MEMZ.exe 2108 MEMZ.exe 5116 MEMZ.exe 5116 MEMZ.exe 2864 MEMZ.exe 2864 MEMZ.exe 2488 MEMZ.exe 2488 MEMZ.exe 2488 MEMZ.exe 2864 MEMZ.exe 2864 MEMZ.exe 2488 MEMZ.exe 5116 MEMZ.exe 5116 MEMZ.exe 748 MEMZ.exe 748 MEMZ.exe 2108 MEMZ.exe 2108 MEMZ.exe 748 MEMZ.exe 5116 MEMZ.exe 5116 MEMZ.exe 748 MEMZ.exe 2488 MEMZ.exe 2864 MEMZ.exe 2488 MEMZ.exe 2864 MEMZ.exe 2488 MEMZ.exe 2864 MEMZ.exe 2488 MEMZ.exe 2864 MEMZ.exe 748 MEMZ.exe 5116 MEMZ.exe 748 MEMZ.exe 5116 MEMZ.exe 2108 MEMZ.exe 2108 MEMZ.exe 2108 MEMZ.exe 2108 MEMZ.exe 5116 MEMZ.exe 748 MEMZ.exe 5116 MEMZ.exe 748 MEMZ.exe 2864 MEMZ.exe 2488 MEMZ.exe 2864 MEMZ.exe 2488 MEMZ.exe 2108 MEMZ.exe 2108 MEMZ.exe 5116 MEMZ.exe 5116 MEMZ.exe 2488 MEMZ.exe 2488 MEMZ.exe 2864 MEMZ.exe 2864 MEMZ.exe 748 MEMZ.exe 748 MEMZ.exe 748 MEMZ.exe 2864 MEMZ.exe 2864 MEMZ.exe 748 MEMZ.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 2012 MEMZ.exe 6232 Taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe -
Suspicious use of AdjustPrivilegeToken 7 IoCs
description pid Process Token: 33 1196 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1196 AUDIODG.EXE Token: SeShutdownPrivilege 3508 explorer.exe Token: SeCreatePagefilePrivilege 3508 explorer.exe Token: SeDebugPrivilege 6232 Taskmgr.exe Token: SeSystemProfilePrivilege 6232 Taskmgr.exe Token: SeCreateGlobalPrivilege 6232 Taskmgr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3508 explorer.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 3816 msedge.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe 6232 Taskmgr.exe -
Suspicious use of SetWindowsHookEx 40 IoCs
pid Process 3344 wordpad.exe 3344 wordpad.exe 3344 wordpad.exe 3344 wordpad.exe 3344 wordpad.exe 2012 MEMZ.exe 2012 MEMZ.exe 3372 mspaint.exe 3372 mspaint.exe 3372 mspaint.exe 3372 mspaint.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 6940 mspaint.exe 6940 mspaint.exe 6940 mspaint.exe 6940 mspaint.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe 2012 MEMZ.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1028 wrote to memory of 5116 1028 MEMZ.exe 86 PID 1028 wrote to memory of 5116 1028 MEMZ.exe 86 PID 1028 wrote to memory of 5116 1028 MEMZ.exe 86 PID 1028 wrote to memory of 2108 1028 MEMZ.exe 87 PID 1028 wrote to memory of 2108 1028 MEMZ.exe 87 PID 1028 wrote to memory of 2108 1028 MEMZ.exe 87 PID 1028 wrote to memory of 2488 1028 MEMZ.exe 88 PID 1028 wrote to memory of 2488 1028 MEMZ.exe 88 PID 1028 wrote to memory of 2488 1028 MEMZ.exe 88 PID 1028 wrote to memory of 2864 1028 MEMZ.exe 89 PID 1028 wrote to memory of 2864 1028 MEMZ.exe 89 PID 1028 wrote to memory of 2864 1028 MEMZ.exe 89 PID 1028 wrote to memory of 748 1028 MEMZ.exe 90 PID 1028 wrote to memory of 748 1028 MEMZ.exe 90 PID 1028 wrote to memory of 748 1028 MEMZ.exe 90 PID 1028 wrote to memory of 2012 1028 MEMZ.exe 91 PID 1028 wrote to memory of 2012 1028 MEMZ.exe 91 PID 1028 wrote to memory of 2012 1028 MEMZ.exe 91 PID 2012 wrote to memory of 1616 2012 MEMZ.exe 93 PID 2012 wrote to memory of 1616 2012 MEMZ.exe 93 PID 2012 wrote to memory of 1616 2012 MEMZ.exe 93 PID 2012 wrote to memory of 3816 2012 MEMZ.exe 97 PID 2012 wrote to memory of 3816 2012 MEMZ.exe 97 PID 3816 wrote to memory of 4332 3816 msedge.exe 98 PID 3816 wrote to memory of 4332 3816 msedge.exe 98 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99 PID 3816 wrote to memory of 3596 3816 msedge.exe 99
Processes
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1028 -
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5116
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2108
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2488
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2864
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:748
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
- System Location Discovery: System Language Discovery
PID:1616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3816 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:24⤵PID:3596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:34⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:84⤵PID:3844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:14⤵PID:3200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:14⤵PID:4808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:14⤵PID:3936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:14⤵PID:1764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:84⤵PID:4956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:84⤵PID:4460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:14⤵PID:1628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:14⤵PID:4668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:14⤵PID:5004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:14⤵PID:2944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:14⤵PID:364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:14⤵PID:3672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:14⤵PID:2836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:14⤵PID:1744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:14⤵PID:3868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:14⤵PID:2620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:14⤵PID:5176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:14⤵PID:4808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:14⤵PID:5488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:14⤵PID:5464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:14⤵PID:5496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:14⤵PID:5504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:14⤵PID:5512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:14⤵PID:3956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:14⤵PID:5208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:14⤵PID:4680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:14⤵PID:180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:14⤵PID:3836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7128 /prefetch:24⤵PID:5920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:14⤵PID:5204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:14⤵PID:5080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:14⤵PID:4048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:14⤵PID:4900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:14⤵PID:5884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:14⤵PID:5320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:14⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:14⤵PID:3452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:14⤵PID:1436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:14⤵PID:5252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:14⤵PID:3760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:14⤵PID:2304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:14⤵PID:808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:14⤵PID:6620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:14⤵PID:6712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:14⤵PID:6164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:14⤵PID:6196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:14⤵PID:6292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:14⤵PID:6716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:14⤵PID:6428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:14⤵PID:6520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:14⤵PID:7028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10060 /prefetch:14⤵PID:912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:14⤵PID:1020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:14⤵PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:14⤵PID:6476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:14⤵PID:5220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10156 /prefetch:14⤵PID:7116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9920 /prefetch:14⤵PID:6336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:14⤵PID:412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:14⤵PID:6648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:14⤵PID:6904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10604 /prefetch:14⤵PID:6020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10400 /prefetch:14⤵PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10284 /prefetch:14⤵PID:1740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:14⤵PID:1888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:14⤵PID:7188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:14⤵PID:7600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10728 /prefetch:14⤵PID:7752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:14⤵PID:7884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10680 /prefetch:14⤵PID:8184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10384 /prefetch:14⤵PID:7216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11236 /prefetch:14⤵PID:7748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:14⤵PID:7776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11668 /prefetch:14⤵PID:7384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11792 /prefetch:14⤵PID:6020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11728 /prefetch:14⤵PID:7648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17435268317710677392,6414726722431664971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11892 /prefetch:14⤵PID:5396
-
-
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3344 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122884⤵PID:656
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape3⤵PID:4280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:3812
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵PID:6008
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:6016
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free3⤵PID:5576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:5628
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:1864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:3308
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt3⤵PID:1160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:5288
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:1404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:612
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3372
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:2436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:5444
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/3⤵PID:2616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:2628
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend3⤵PID:1764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:3032
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz3⤵PID:5436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:4508
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system323⤵PID:6548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:6564
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:7136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:7152
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
- System Location Discovery: System Language Discovery
PID:6528
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:1580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:7148
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:4396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:6852
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:2660
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:5816
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt3⤵PID:2356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:4736
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6232
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:5100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵PID:6844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:3276
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:6552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:3268
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:6928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:6400
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp3⤵PID:1792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:6380
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:7532
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:7548
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20163⤵PID:8124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:8136
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵PID:7660
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0xfc,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:7604
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself3⤵PID:7924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:7932
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:7240
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac03646f8,0x7ffac0364708,0x7ffac03647184⤵PID:7704
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3480
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2972
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵PID:532
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4440
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x49c 0x40c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1196
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:3252
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3508
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
PID:2436
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59b008261dda31857d68792b46af6dd6d
SHA1e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA2569ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA51278853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
-
Filesize
152B
MD50446fcdd21b016db1f468971fb82a488
SHA1726b91562bb75f80981f381e3c69d7d832c87c9d
SHA25662c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA5121df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
Filesize
210KB
MD548d2860dd3168b6f06a4f27c6791bcaa
SHA1f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA25604d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e
-
Filesize
209KB
MD53e552d017d45f8fd93b94cfc86f842f2
SHA1dbeebe83854328e2575ff67259e3fb6704b17a47
SHA25627d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
Filesize
432KB
MD50cd89c4dadd70c4b719f8c1d56ed01ce
SHA1bfb622a10c87cd7f8b3c4ca0159a632310b29bf1
SHA256e17d3d5fecf33b81e51dff14b6114b411a68ecdd641e085da6e35f6081571a85
SHA512c0276e7848d1133256e25bd89d6bc79f33c8012ba469130df3bdab3ed1570dbc9a10c6bb6ca4bdb27f2cd6ff41dbf3cc809ff54b41b4ce15f3d9d916be6150c4
-
Filesize
288B
MD50531dad3fa7faa2c881a05b1133409c8
SHA1a03568f16c2db98fcef11d3c359aefd09da1cf1c
SHA2561a3d83882622002db13363eb1fb7073924105811c2427c50c60e16948dbb5114
SHA5121133e93ec540d1b9920a89115a5313ab8ffe610560fb261c55e8dc6a4ef8bbe1cc7441c856422bfe8ccefdad087a10dccff53e10e94830bed37baa19c36b0524
-
Filesize
19KB
MD5819d9c51513aa2f15528d9fa76a83211
SHA15f301f0e3c1c260d6de607aea27689b063ba0d79
SHA2560d6e33cf51cebb5927dcffd710c7b0724521f7a22b565fbe74fbce48283268f2
SHA512959423c4796b70700c9aa5b8e9750614115a5d1f23147e7549c83afcc7b2e199e964fae0336dcf4304562ea5d3048bc3799814a9be4881e0c343ad942f2d4b23
-
Filesize
422KB
MD56f91011f1bd740e3e67120c4ad337f72
SHA1123eab9ab2d3ace138e28b076e53d29e5abce7f3
SHA2560b774c9313e07312d6ef82235957704b6b46bc22124bf6f975c7b42cd2dae1b9
SHA51288f5201325f840e4e63448097e8a37284d564f6ac9a81290cb6154a444e11832865961ab8757dfa73accbf8bdf9defc84548c60d7c0ff323aab1fc6a77454b7e
-
Filesize
288B
MD55e5724d3d01b9f75175f3453f947b6bd
SHA14bdd0c3a0fd9f934262618a4867a46c340f411ca
SHA256067e1f064792883aaa9c75464c59a652f7fe9905a1eaf4b9e90e871f1d64eaf0
SHA512b0090f826e60795a37127e7ff1a6ecef6beb1c373f602860bc93204a0b9d53022b7e32ec9ebd23a6fa53e19ef084b328ab7dce9f4dd3c15916e798274aaeb4cc
-
Filesize
2KB
MD53c2824093feaa428a72b3371644e7601
SHA12549844b4ac4f7188aed58bfa1522659c9bae7f5
SHA2561f4ac977576480145161480a5608dc0ad7344564d1b6d57a8704954fc8adac33
SHA512d9979b677108088cc97ad2bbc53c9443810f3cf1e438beee33b9bcbceeb0b034d5fc2c7e9671a21a5233de266266525c3bfcda2e708c4544de00ddc42fd7fa67
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD598d634391df760aecc0a165a42ab47ec
SHA137c10efb6d7054b006cbb2067b338ce88bee3fbd
SHA256d58de34887cf27ece6d6b6f670906f476636076b6b6b2560c7c50f9c0380edf2
SHA512fac585488fe45f409bce4dfa2abc8f8d98280ef650fa05cb1ae8a83fe6ba4aff5ae455832c2d1b584806ef25139ab0eef402197ab4b44dda9f392f8176ae540b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5f8715e1c7d20b8c94fc73cdb8e3713b0
SHA1f95663be4c66330d347d017bb686f08f26aa2e41
SHA256af155ccc6548c65f2f16c82a0449e8349961583a76b6860cfbb11ac33519032b
SHA512d7607d582a10e15f568ea7167d13076fc66f34aa5b4bd9309b87d7fa3d37a5a81f84ea46c7de4ca48ce92d4c76efabd0f750d88597cc667e97dde05e787320c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5143c0e22fa0d4088aa3cdced8f77b116
SHA1139a1990ef48ce0580013b6136c5791887fcab33
SHA256e07e58e9533f7762333b1ddf72d9f78b16532192d3083230b832e8d25436c91f
SHA512d4c45d2d435b0444277f86a6f2f33a8bc93c9273387514f3cbca3ba7c0bc0d53f7760878a763e4b19dae0c7f9b712109e1dcbf07ed8b9f797c073a3e648f5c60
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5faca54caa4bd30bb670d24ebed130b3b
SHA1ab44c3df6ccfa246c014893eac21ea647ebcdd66
SHA256c34fb405a0cb77940d3a5b2e4648b28b2c4d3ccb339a3538a3f8a15749cdc9c4
SHA512993b270adb717913c5011a117b5a0d14c934e3c270fcf6da100607d9ede7bee285753fa9843120c68de2dd47cb96def8cb81d2e8a8fa92316b74a33d55248ea6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD59b3cc025380f7a1d22f57efa33344b00
SHA11918175a6c568c43d0399fbe4acec6ef3e29bafa
SHA256d799cf4dbc86df21816fcb90d03c6dc2ce50fbac5df86526f333283e6c38cff7
SHA51237a0a629890856579fc401fab005d3b80a15fa27ac79c268c538027721f0def61f13305c183c165da4780cdda8d717ddae54023d7643d12cf99b4d72970557ba
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD526ee74f4422e90f08d3e9311cf93f6e8
SHA1bbe090a9a1182bbc4cc8921cf1c60f6a8a62c85f
SHA2561ebadf00d2ede1827f9faca512e88153ab0c3990d43eb22a3f65bbdf0227428e
SHA51263fd0f8d77a346eba222676ccdf25c68ea1d7ccbf19a2787c4e63009a0071885233e4faa82dfb0d92ebabcb0b8d65f56db4ece3022943ad99aefc193943b7601
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5c773464a5d75d5a48b44ed6f7c99e6a5
SHA11624074f9f4652dc4276bd6bc07ffb8880caeb07
SHA25663fe3ee949dd72a6789e78f8ae31f7832f641ee1b67a42da2208aeba0292036d
SHA51214898be4860759691f21014284f34417e014ba8a4768055f550cb6882db5176375c0dbb95cdfe52033819b57de3a9844fc0643bb53e70222c68ae12b25f0595c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD51be400ae3f1d22a5bda042b0a8031cfe
SHA1173cf95cc09b7f300ef10fb68c6bf6cf9e7d6d04
SHA256769ced8f8917c96679c9b5cc997299a29fa7f82a83a3dd433f9e4236003cec65
SHA51295cbfb686a74291ee7759f3fa0dda4dd8882efe8c7063e42452754cdaac0997dc2ad3adf519582cbbcf8449c8afd8349db564313b0863012edbe6a72a5ea4d05
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5604733f8b61354e9ced08818ee9e54b7
SHA123c453256550714f581a3a265dcac3cb5606579e
SHA256644deb0520e9f6f8a6d0995cd80318e06c397cb6ae0e0715cd93db33b60e1f12
SHA512cb72e44bb20b8e1035c3aa65353848bb203184c979d4db4682de1a4d22501a5829f7564ef9226aa647e1754edcf10b560b9156e8781395944837074d72ed8384
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5b72fddca746aee59e040d27f05dc0899
SHA1948ad976c9ab751a3cffe78f2304197b62aa4514
SHA256b47777de27365b16bcbf52f92622c52fe006ee12398c8df045494ef201fe8cff
SHA512ba696f7dcacc7f64ea46bbb8a5132194208740b330ab58b11336fb579673c5dc17b804b3df3cdac2641de7f1c231b00a7468fcda5935ba620abc274a3b125cc0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5cb785c9072144f951cb31c6b34357a81
SHA182ffc52bdebe4440fe086d8466cb77e5fd4ea2f1
SHA25676995f7c6b24cb6475303ddc8b538a7477c8fb6f5beac00aad488782412568cf
SHA5122b94c9e37d005ffd652ca2ed01a577f04e545ca64aa12148611cff7f1b0604a63f3006299c53293fbb2ba333d2227eb5419ee51190d1b1613fb38762e2d6047e
-
Filesize
8KB
MD5ddee7949f00470b69e737a7f576f1205
SHA1f064ee8ef975aec8df4c00d98497366b7c7f2638
SHA256a069beaf977be1eabae3e1cee6d2f529f779fadbe0f29530ea99906a4a619458
SHA5120e1e033dc008d54ddf023da209dadf2281dc0e113b52735c632da5cb8e58607a83257a00ab95162d5b0e3361d0e14db7bc135e5104f8a0797fbecfecd87368a0
-
Filesize
11KB
MD5c1e7d2a4c432f8067ebd52fa4467a728
SHA11c980dd8f61f9fd3b5f3646fbf368888c4157695
SHA25688f13e95ed20b63353cab128e5e85e9bf0c29780518db34479ad71d5524d1713
SHA5126aabccef70fe1c2762388504409ac804a9352ad26d4d07c94c35503a90e3bd601a4f0631ef2952e12299616368d7f618104a3a10e07a4e80f5e877c886766e88
-
Filesize
12KB
MD520ebcb046b4829d8ca8080ff8404379d
SHA1443a767e67951cd30a6fa4525f9217f218a5e39d
SHA25624beff4dd7b5ec46f7bdf5a4c822aac86e22c6dead19c506ae2147198efd5d0a
SHA512d1ad117e54bc71a1779402abb479632ed52585cd41b7b76ce2bd6963908a0c6b029768216f7aafcf3685eebaefd17afc5ef921fa948852192dbea3a1a9e96349
-
Filesize
12KB
MD5fe940a328eb9e2a76a2917d4f54bbca6
SHA15349b7b7e7250015f76c8c8714080846eb44c659
SHA256ae9a0aa16029d5e2eae66fd8e43ea36e93446753c62a190d6e64f1e4178d1b31
SHA5121852363e9924d48815e03eda7a189dd518958e8eac2c98b1bc991b8559c5b66ebd683bef5f3d9b54f0497e00f4ffadc4fe8af62424b4753ee16254edc2b052ac
-
Filesize
6KB
MD5e3e0e83bc4124050c62b1550ca293ae9
SHA17d27a9c220b803b957d8be948e0b1e36332e0104
SHA2563b1022cbe14fb462d8e9f1170481f89b770c992be930578d4f6df0f478b01d3f
SHA512fb82caa5dcf592778ae6d2b057e8e6c527f978cdfc97ff7d838d71b0955757d1a2608862554115d36394bf3df66fa10549c6aeea70ed31901303f3096f1a4371
-
Filesize
11KB
MD5a27e1c4c409c8a4b650ab5dd558e16cf
SHA1c5910974483f0cebb4713d7ef4672dd682c6c4bd
SHA256697b3b2fb1842eb521202992459c3f536e131df48da3202a5f3e22bfb389531c
SHA51282205537dfcbcde1547c6ae2372ecfd208e3ef900c0ada366ff36c7d301b7402c8a825c6aef76f0a70d68b61d7520bc6fc7823174cc04043ef363b6263a4351a
-
Filesize
14KB
MD5dbb48fe27cbcf52faac531c103815572
SHA16c59fc6757ee0dd26845feb40134330d593929ca
SHA256c8cda71435d6409a7a0cb11f8d0b5e5fb7e3334ef59385c3db41e2a0531db262
SHA5128fa709f3cc85972882dc8da672be625c423692b0cd1f2354ece233502b6de77a391a05f142d36daaf3311d5b3154b3888a0b5a62f5ac92edbe8b0895c7055598
-
Filesize
14KB
MD579427e0a7d850e45610c231faabad9fe
SHA1012fbb6a993b9eb2b9ece962437f2b4029f7e0ff
SHA2562b1af909376c7a43edfed20ae332df6fe475e867ca0341cd357c0291463901e7
SHA512dc1db361fb7b07445b462e9718129775a2df19c35ad409af1bb3c3b4c7e589af08bbecba566d941c0b41a1b4dd8d380c2db3d06038f33cd78a46987db0695e09
-
Filesize
14KB
MD5a691ed3820e31d76c91836438978fabc
SHA17cfd57b4eb7fcba64a8046a40e61f50dfb97bd04
SHA25654613ae1f960b0f86feb5156f71ae8e082d77625cd0f012f10e90ab15a899c6b
SHA51290847a0b44338d25cb3ad65a5d1496d3afdc0b2a190331a5326bee429abd7d1e588a2d71715e0c4602ac24ce2ce15ccbaca0a67e7e24715c6b0b24d8dbeafc9b
-
Filesize
14KB
MD52eb7ac930a64a454eb2fb2dc2b00da48
SHA113c0eb9a410678fb7d6635517fb8874e3ad538d8
SHA2563fc623f923cc68a6fd8b6c43e87b30a528b1281bfb6bb7c4da5e91bcae1b510b
SHA512024dddcfce7541dd5e5e2a5a4ba4d09a120e8b0d5c003defa951524aade76b5065a10c2a6394579298381279e367faaa752944d85df743f51a2cc0bd26e29531
-
Filesize
13KB
MD5aaa56b031c86159841a62466ac09990e
SHA147575a3c8505748e95c0074bbd295e96609c19c4
SHA256404a2649b5c26774446871c5e806b249e508e30b485e5064abfeb2da0890b0b0
SHA51203eabfe24bdfffc22019b22b988d2142e8ac9ac52503a50c75be148b85543aa8b55919288df6539a9423b85368474287fea4745b82c9d31e13d2e931d7d6f63c
-
Filesize
13KB
MD5b9ff58dcbc0e370df156bd721e9c7a7f
SHA1e117b6bc081d95c0e7100b1500b27911dc65cb79
SHA256e9973e58d881a68f36bfbd68a9f96096c0039d8fbd0fb1aae41802d3816a950d
SHA51239db08a690e86dc1e313dd3969c1cdca7c093a312d5acf82b5a492cfa85c83e8f2130933de4957f9f1d7a6afa76606c12a5f997dd7d08dc39800fbe7a1eadcc9
-
Filesize
14KB
MD5e51d3a74bdab019bee30e33036dec213
SHA1f9f400fcc5ed89eb01076b5d34f5b16a14c01d55
SHA2565002a3014bea2d50adb6b99276672757fe71a9f01069ef56352a79d819129861
SHA512ce6926880d183fd0ae0c7801ce12db09e04f5703303516cb9cb21c3b0848bfe15548b73701a9216268c1b926c43ca50837a3e4a3fe7bdf3d9551dc48bddb8380
-
Filesize
13KB
MD55d5caf4a1aedbf3fc62478430b4c218f
SHA12f03fbdc252ec8a268eab25a4221db8976d310e1
SHA256cf79832c610fb732085f9ae73823d329dd7bece690eeb3dab24daf603692b4ec
SHA5123268929ba8a043185ff1626c24089676b92e259feca7c601c7a71e0fb3af705baf7b3f0e4179cea96c74bc1ebd1e6fed6a94c34f76a32cd8bb0afc28adcdac29
-
Filesize
6KB
MD570cba3cf7f181a73b3eda11a0b31c2b5
SHA13e370cfdb2502f688fa6ab213b54cb9b58791422
SHA2567ae8fc117ff23d9a1fced51dbc367b62b38be8169ff11ab3a65e055ad89eb451
SHA512b25ae8ef99a449256483e55176de35a5c572f6c2bc44306aed1d3ab9637822d06a3574b4768468206f41a96efb492ffc93703557a123de9b9342828ba44c65d4
-
Filesize
14KB
MD58416167a75e1e5e4e61742a82a17073d
SHA1719d94e80f9de822a2ed918b49c5966ee595d1ad
SHA2566ad7804220d300d71d07e8fbab60c3f107bd4b508dc367952bc78642737a3e81
SHA5125599d6ebd1a1a7185db454e174e6b98a2d1a9755236caf942b306288bb2c2270a122fa24fea4ccc7914f57942ef4cc34f1af4656ccb5d1f0465f23692bb9ba15
-
Filesize
14KB
MD54132397682741088b0880d1edde4a2e3
SHA1a0ced445b84eee0eb0e3d2938d064e1527a6a781
SHA2569718edcb8025e876cb6d2e336431abfb231b13b880c4588c3b6eee8b58e05d33
SHA512dd3a67066cb4cccd91ca2defc719770cba8ea633546716cde21ca45cc9e06a33752d731f70f750f99c8289c586cabf841b0e42ab2b44c3c3e2fef7dade059e0e
-
Filesize
14KB
MD57cef14b2a26a038aaee08468590823be
SHA1de245e2cdb111993feb28139f2eb48f4df5ccda0
SHA256fd6d250ea532f7dcffaf6fede95e064da3151365f8c11ef6b6855331f5c67c5a
SHA51264cfb08962e27f0ff7d6e20fa9334dde2964137bff2a210f06d8586b54ac4425d2ea3996676b651c843ca787f5448b3d36e2cbc5d8cd58aaab2372a57ce0dc6e
-
Filesize
14KB
MD55bbbfe12564983a0a4f9f1a547860bc5
SHA19cc5fcf7d3054d5510154596176dbf10a926c132
SHA2560298ac35afe4301451058391d7da02084ca148ada93e96eccabf8ff4d8147daf
SHA5128ba31db034c4b110eeae429761e4be84ff88ebf827acb915a14c1f3f713c0dc4e3291c311227b3ad01ca9fb5da2fe10cc36152fb6817e67eb77f9a712b8adf50
-
Filesize
13KB
MD5b058a0c9a81641d372f7c62574de3d88
SHA1509ca6e830ac413c917c1a6b40ef68fbef2c11d2
SHA256d67b739ae5c7d160dd71aa327dfdc44125e7114bb26b0c7a9a471fbb8f9e8869
SHA512f5392ff4a671d5604e308c0b105128b580051d322aff2a6b700b34446d040554faed0cfb70417fd6e923d144a8c84cf94ce97520d9c4cda996945625e34a10b6
-
Filesize
13KB
MD5472b0e1af8d344c735c6f92ac0009f15
SHA18d59789e8fbe7c6ff1540b161e45a963e0de6f7e
SHA25635b6f29907f249fbc8fba9edf371aa47871132d6dbc78040a14efdf3a7da9837
SHA512a954a764e2d30651d752a122d1eac47855915a3743ccdefcf996ebb9cc91b5a924d4b1ff40d9c42fa0e6129278295026eab720cb1fd71549b78c8ac24fe1d96d
-
Filesize
14KB
MD5d8f2b47ca11817f024fa55138a45a716
SHA14bd74820f36c125383990781c60439e6f19613de
SHA2568bc7453f5cc1b8f1e4ec1de83a374b594db2b4be40dce1936fc3e291b6ed67ff
SHA512adba23513937151efbf106b5a558565398a2f3e7a360ddbe46cc8a6f41491147bf045d1e30ac8171e9e10e4c58675fc4af455b54bd5c4bb6b3eea68905aaba5e
-
Filesize
14KB
MD50d582ee72d84c132cd759546f1fcc193
SHA19bbd6264fe4507949615b2cb05de8bff74b0cfbf
SHA256657445c53a068d4f90f71f160f52ba8418175c94a22fc2c2bb5aeeac3a945ca9
SHA5120ac176ba9c2b7847f60561e348906b849f6e71a7145b36c5aace2fc9ce92805a0d3107edc42981a0012ecc683073e58000fdf4149e2fd467497b6d91d75bcf09
-
Filesize
14KB
MD5f4497deae939beb6086d0b1f065fe960
SHA109ffe88c06ecba8d18edbd51b1b73f7420d4141c
SHA25630a0ea23f5a42793a89e58951b3df09d62652d490d095c873d17dc8bd6df23fe
SHA512ccc176b6a786aeff19a6445268f714694ba6a6ea1f959f48bf237fc3037e224965dbad728a3c2d0e139b651322e8f59cb13ace8817a6bb9c7305c8066eae7dea
-
Filesize
13KB
MD518cb8adfd059b9056c4d0b97b8226d46
SHA1594f4adc3e75864975837adc26f002a208af7f6f
SHA256509b034344c2dc9188594f98dbc81cb7abbdf182e3bd26bf52e2b795174a1cad
SHA512423f295e95da86e675017b52059f2ffff623ab59b38b759d81ac87204439d6a54876ab387804db3aaa770430d9f18a017b913fc5c763b1234dc2652341d8b34f
-
Filesize
14KB
MD5f98e22118635b1435d2ba5fb60d54215
SHA1aba417536c8b12f757883351416fe910de1abdb7
SHA256af92932a4cf412e62c67281ba939c4360dcff8bae1868b89741cfe8bfe219adc
SHA51261a80dcf7bd9ea60d6ebebfe5a0f6a9a9529a115756b22e03cbdbd290cca76f2b780340ecffa3ccf6c4df96b811db11cd1c3f8ce8fe4e2ceacadf35772a12da0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\fb6d702d-9844-4703-ade0-e2119c2e77e5\index-dir\the-real-index
Filesize1KB
MD5d02fcbe4359f2ca1ff907630fa34795c
SHA116a680cd6a584596b7cd34b7264f8623c1fb7dd6
SHA256c3fd137e287805a8a4ec1e293967e3f7e68f8271740c668f4cf895206cd235e6
SHA5128be33aee642e71731f8017c9f2a8385aaafa55f1223be5edb3f90636a5ea5cac73c5b3957ae9c8d80b0e8c6426e8b2971a3774546d464848fad18658a7a09da2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\fb6d702d-9844-4703-ade0-e2119c2e77e5\index-dir\the-real-index~RFe596901.TMP
Filesize48B
MD5e5f36b795616f31a1d75aebdc4a75f74
SHA1c4f1a9360352dec32dbb90f528666fc5a6ba20ef
SHA256b0c396a651a7a00125dc02b9226d0723cbb377e2bd114b7087e7f72ce8163810
SHA5127f5129610bac64d0c6b57b8ba0aebdb6560d23ad8c908dac868b78ec5bc41a9a73efe8e13168296b3e7f1320a0ccc82f553b0cc631ad5db4025c83f7ba005292
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize115B
MD5b4dd5cda4ae7e5ea21e0a348f714cafc
SHA1c61b97b044e347082c63c910da1b999dd80150d6
SHA2560f50320c6e5405700b5d2f7afbdfac366b802efcc9c7a92c81fb8e1535258cc1
SHA5129d5c713a382861ce7c5aeaedfe438fcdc7f1757bbd040c06abf83b7b9b86c55c83a940f0964ae912fe30f1c3865079d820dd22df5bac49da0e437f5072962041
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe59693f.TMP
Filesize119B
MD5dbf8ba169390207a784baac32e286ef7
SHA186227e46194bdb9c440dc1cb144919d80633eed7
SHA25632166ba762304d32742808c33b6706a1d430c25e8762f05a0447bee4362a2da5
SHA512a1c8106f1269e2ef8adafc1a6e430a4fb660ffda78969226422bb9cff6fd34e82ba87f62334c759892828e12c85692f7feceab6111ee5de9d964c958ce4be9a9
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD593db97156801c3b5fdbed153686fad0f
SHA1017a0d0bf4b5e941e4e6b250576d1779e3b7d85c
SHA2568eca08a8a65a82dfa6de21596551687ad01f9dff84714a3fa774147a3789c96a
SHA512cb564c17c48a5d208710456f9e92ffa58e5d32874b098323a53949aa2ad8f11fe278d93dd01087ad0388ca16437ebb64236689755c6127f1db47b84431bd8b83
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59624a.TMP
Filesize48B
MD5f5c68fe3bd2f975110e659fcd0918479
SHA11e9498ca5c7ec94670743d1701204af6a92f8ce7
SHA2569cf4af8ee1c6b3a082c48c26b784c33c418549f8665a39ff2d05c88707d235a5
SHA512c20421671df4dd587d7c3f1f4267bc97b3987b0819d84717dabc165e48a9f812bccdfcab646edef80466106c8e0717912489e85f3ff9a36ae066e3751c595c92
-
Filesize
3KB
MD53c9ee24b473aa3337332663dccc76802
SHA15087fb77d00716016d6db641140c305154d091bd
SHA25623d00b7ae7c68c1972ead760bfb710c69969a42cc9cb9ba301de07b231794bd1
SHA51209f4a1c9bebb394ce6bf6e1befdbc21ca51b2c1b7f64c0d6ef6fcaeb5b9c9afa9359a4a1da765bbd78518a7163c106bb6a28291c21c532bdef6b5cb771541291
-
Filesize
2KB
MD527ae66d2066821c9f2dfd5da91510bf6
SHA11e1cc156a7e36346963d5fd3bfe231ba3232e0b1
SHA256188fba000f24f68e0a7551b9b530f776e7ddad4229351a31cba43779ce24ba53
SHA5122c63dd61ce4aa3b30051a0d958635a7f23b035f5f8e0c639ff679803b478413e798f83fe0a27f2532854ddb9499e46a12fbb7df528d667f2c641f184aa45a3fa
-
Filesize
1KB
MD537a7a7e70eae9021f6a44e18077600cc
SHA1856ec862a578a8c33c75be4e31aefee9561c8e50
SHA2566e688ba2de5191069fe9bc0f40089c88034b49f7c23b23010755db009b0c11ef
SHA512fa541670b3f21ef0ef1dfd27769ccf04bd9436f69ed7a12ee43ca0c1fa2ecd59ef98f1cd9ea9aadc43754d941861ea85f1748cbe3b0688b2ac969d176ca8771e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD57ad6499501cc73226f56da09a8a85225
SHA1dcdeedc9e0e8c4c7a6884b5bebe427898593c64d
SHA2561e6c55df582a71ffef1daac361f504b3465640b9787909f95545e5dc2d8e5e57
SHA512bb3172dece41132e179656b8de0001313ffd8446b38af4544d123302770c9dea4b6a8c9da8578c0d1cba58b914666c8110592b2d854ea6b4caea65846b22237e
-
Filesize
11KB
MD5543187f03a81c2a3ee83f8f1d671dacd
SHA1e22569c68ceb68124ee6747d31013db39640289e
SHA256f0f0df5ccffebc83c35fa9279a6a99b158f69751209b20af0be390d1cb1c7386
SHA512f331bd465a18449f6c5376090ca2e7772c3ac8e65d54403391bffb8c119f9145808039380b23148071db907acc2625464ee7dd7b788e78b2e2857a649565a643
-
Filesize
11KB
MD529b26a466a49f144c5b0b4511ba97c5d
SHA1a7434e0f5ac2d67290993464e819b095df381dbe
SHA256e2b28f81a426227be36af607b15c198c53a241a682f567c21b2c94556b9df51a
SHA5127b4b95605daa4fa3167d75cb393e40025a3f3624ac5e4acf757ab31906d84f77917ff50a6251fb9ba76676b5afdc5fa55cc197300924502bb0bad579fb875fe9
-
Filesize
11KB
MD5bcf6690c29cbd01b4b7918abeb2f17e1
SHA1b7337783daa30a48c9814b0f2892a4b7200f6279
SHA25697625d444f9487c7b44b72e6450482879abd9aaf936a3b26f17d52d60e2f296b
SHA5120858df12c93ab19a8cffcf3e42d7d20c17dca3049cb904dafe1e08fd1af060395e104818ee7bc5477367ca9015a2a33e574e9ace832123be7fdb173151d16dba
-
Filesize
11KB
MD56d2135c1f138cbf7f59ef3619a46a2e6
SHA14fe220281889ce3f05f01e1ac437148189768011
SHA2564eb0891a8da241b75d3da64daf4878fbc06b3c59043a1b95bec95d58448b355e
SHA512155f45c96c345d4c02218e0fc8a5cfd8880d1f2a028c6ead2900fe903c4903ba357fefa1332089a586dba8c8c2932e4a618821d3920b5f2aaca46ac047bbcaac
-
Filesize
11KB
MD544bacea3f695eaea934d9d997ba1502b
SHA170c826f0933e3c6a0dd4b3355963f41eb79a982e
SHA256e944a24f096d45d6065001d36bc023d0ccd52606c4d2299e91001182cd62db98
SHA51238117518d8f2c1eb178a0f1fcae182e079c95e788225012f13bf51b80b3c7e8747ad3ea486a3e8835c81a27fea20ff0c55750d69febb95775a088bd60cb86eba
-
Filesize
11KB
MD5666ce2c032988455e5ce27d0ffb2ece6
SHA14d410a5169c2b780f87823eb30f6acea5021ae8a
SHA256c816a3802905a64963372feaf4218d0be7e0da0ed22b3f013f39d440d72b0cbd
SHA512bea241261f46c397e0af0d3b0580b344baaf9aa3add48941b9bea54edc5ff926e21043ddbca3c5e334b92b7a6aa9ceedde750404b9ed92a4999ffb0eb82ed049
-
Filesize
11KB
MD58bfef11818934b8f54e2592636633982
SHA12b96d39f17ba33ed060e4b5d2ac371afe86f5390
SHA25687c2f474f47d12fe11d4b373041ab7d6e30e79709abceb7de1fd8f60ff7e3c90
SHA512da07be89c595c2fb408771a7609b8a2f8dd616b33b72fb72d3863726b1002f8b23bee6a738419ee64a91faab4bd703ef28127e8f427e583fe807064a8e63560e
-
Filesize
11KB
MD535db7f6406bd38e7e245a597945d9683
SHA1e92e0ce57294ddfa88fd54757af1772aaf018e8e
SHA256152c6bea48ccec51ff6482a09fe8cae5133fcc442f7d2eb4f91ebe2fb6f04f12
SHA512ac34d3510bfd12d6ae7fbee2ca3d516bbd6e1a5cb59bb8a3be3f1c85184ed0be8aa4875a47d24deed7856d640f4c818d842f3596c993e653dd1079b2601af871
-
Filesize
11KB
MD591f7c6a2340def581e593cb8508afa07
SHA143be36762cbfeb959393e84e82f6aee25d51755d
SHA2565369f443ff034b295f59216ac243bb04213415912b794c86b9f6b593c3ae8327
SHA512960c0e422253c24346a1ea8c58d80b054f338ec82eb3a0b9b302e01f8999772ae2cfd53ad1955461e2fa0f74eaff41b42f596ac5eb7089fe7367dd40e845f507
-
Filesize
11KB
MD5f34880f46b2e068d8618dbcdbc15e7b9
SHA1841851c9aabf137b11fde0729a8c742c80e5eadf
SHA2568460aa77fae54b77a8ded1571a293dbb06f4c025dd1a9bc4838ae58f9845cd86
SHA51261c84b08c5defcd28b718a10684595aa52ebb5f662cd28b167bc0d78e9d68f5f0bf074f1b4835a787a2b432e0a50fc7e706eb7300b3537605be53fef8707df14
-
Filesize
11KB
MD50105cf82b7649dd63fe34ff9c75d407c
SHA1a25d02e992195dc83dc27ecb20d125a0d6e93795
SHA2567e44c9baa18959fa64a920cca3e4b112c4992a3f316de72c0ef4866538973712
SHA5129ccb3975dda0c80dea2e1a03d186827800111fe826de9e9cac9cce503312e8cec7ee33bb4d7f8159358a4b6830c19cfa0ead2d01306d48ccff97baadf7e2ac4a
-
Filesize
11KB
MD5677a0ff7b09508b0e0155f5b1904d10d
SHA1050f93204bf771dd8b746299431633cd1383cbf4
SHA256dabb999e672f2b4de90f75cfde5cbc5e56aad2fc1239d1f7654317f4180b7921
SHA5128ab13272fe1dd09ceaf470e7ecee51f61d00ef7297a58f17a0e3f861e05ca18abbd793d618eb276e6896378fb6819d1a459ee6822cbfa2a4afdd90304d458945
-
Filesize
1KB
MD5dcb207669cfd5481c0636b245c03081a
SHA18705c67f45df2fe982b356c32f4c8cdcfaf84af9
SHA2563480b0c992651f30eaec34b0ec474c95e886ca1bb829bab06f662b74caee4564
SHA512f1d017923c440d98fe1acf09810ee24499ceee346e4f4cca4e42173b52f2cf5bd3751d3a8a034f6e63485faa11b3728d691bed607e4c2f01289356d5f4270f0c
-
Filesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf