hxxps://github[.]com/Dfmaaa/MEMZ-virus/blob/main/MEMZ[.]exe

Analysis

max time kernel
600s
max time network
600s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dfmaaa/MEMZ-virus/blob/main/MEMZ.exe

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
2636	MEMZ.exe
2904	MEMZ.exe
3960	MEMZ.exe
4024	MEMZ.exe
4868	MEMZ.exe
4020	MEMZ.exe
3220	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
86	raw.githubusercontent.com
87	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	calc.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 206797.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4208	msedge.exe
4208	msedge.exe
3288	msedge.exe
3288	msedge.exe
3836	identity_helper.exe
3836	identity_helper.exe
4572	msedge.exe
4572	msedge.exe
2904	MEMZ.exe
2904	MEMZ.exe
3960	MEMZ.exe
3960	MEMZ.exe
2904	MEMZ.exe
3960	MEMZ.exe
2904	MEMZ.exe
3960	MEMZ.exe
4024	MEMZ.exe
4024	MEMZ.exe
4024	MEMZ.exe
2904	MEMZ.exe
2904	MEMZ.exe
4024	MEMZ.exe
3960	MEMZ.exe
3960	MEMZ.exe
3960	MEMZ.exe
2904	MEMZ.exe
3960	MEMZ.exe
2904	MEMZ.exe
4024	MEMZ.exe
4024	MEMZ.exe
4020	MEMZ.exe
4020	MEMZ.exe
4868	MEMZ.exe
4868	MEMZ.exe
2904	MEMZ.exe
4024	MEMZ.exe
2904	MEMZ.exe
4024	MEMZ.exe
3960	MEMZ.exe
3960	MEMZ.exe
4868	MEMZ.exe
4020	MEMZ.exe
4020	MEMZ.exe
4868	MEMZ.exe
3960	MEMZ.exe
3960	MEMZ.exe
2904	MEMZ.exe
2904	MEMZ.exe
4024	MEMZ.exe
4024	MEMZ.exe
3960	MEMZ.exe
4868	MEMZ.exe
4868	MEMZ.exe
3960	MEMZ.exe
4020	MEMZ.exe
4020	MEMZ.exe
3960	MEMZ.exe
3960	MEMZ.exe
4868	MEMZ.exe
4868	MEMZ.exe
4024	MEMZ.exe
4024	MEMZ.exe
2904	MEMZ.exe
2904	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3420	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	2024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2024	AUDIODG.EXE
Token: SeDebugPrivilege	3420	Taskmgr.exe
Token: SeSystemProfilePrivilege	3420	Taskmgr.exe
Token: SeCreateGlobalPrivilege	3420	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe
3420	Taskmgr.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
3288	msedge.exe
3288	msedge.exe
1816	OpenWith.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
2288	wordpad.exe
2288	wordpad.exe
2288	wordpad.exe
2288	wordpad.exe
2288	wordpad.exe
3220	MEMZ.exe
3600	mspaint.exe
3600	mspaint.exe
3600	mspaint.exe
3600	mspaint.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
5260	OpenWith.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe
3220	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 1208	3288	msedge.exe	82
PID 3288 wrote to memory of 1208	3288	msedge.exe	82
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 2984	3288	msedge.exe	83
PID 3288 wrote to memory of 4208	3288	msedge.exe	84
PID 3288 wrote to memory of 4208	3288	msedge.exe	84
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85
PID 3288 wrote to memory of 964	3288	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Dfmaaa/MEMZ-virus/blob/main/MEMZ.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2636
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2904
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3960
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4024
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4868
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4020
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3220
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:1600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:4976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:1708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:4728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:3140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:4704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:3360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:2756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:4460
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:1520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:5092
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:1696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:7404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:7416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      4⤵
      PID:6940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:6424
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:7176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:4160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:8028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
      4⤵
      PID:6572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xfc,0x134,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:7120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:3524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:5948
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:5380
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:4736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:5084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:7360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:3984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:7940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:2684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:1724
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:7028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:6796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:3180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:8088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:7696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0xfc,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:4220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:4124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:6308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:1436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff83d3c46f8,0x7ff83d3c4708,0x7ff83d3c4718
        5⤵
        
        PID:7400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6348 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8680 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10132 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10152 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10236 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10340 /prefetch:1
  2⤵
  PID:6480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10384 /prefetch:1
  2⤵
  PID:6920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10372 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10048 /prefetch:1
  2⤵
  PID:7076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10460 /prefetch:1
  2⤵
  PID:7084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
  2⤵
  PID:7092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10260 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10408 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13288 /prefetch:1
  2⤵
  PID:6236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12600 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11432 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10000 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:7328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:1
  2⤵
  PID:7864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12876 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11224 /prefetch:1
  2⤵
  PID:6328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11200 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12264 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12080 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12252 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11284 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12080 /prefetch:1
  2⤵
  PID:8004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13048 /prefetch:1
  2⤵
  PID:7628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13488 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10400 /prefetch:1
  2⤵
  PID:8072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13332 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13736 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13432 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13965905308990162345,1677989499176585167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13404 /prefetch:1
  2⤵
  PID:7932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:7664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1869a39f08f673b3_0

Filesize
434KB

MD5
2d9ffd5339c789862907e2d36ebe293e

SHA1
3fd30e8a49c0662582c6f2e9db79435840e376ce

SHA256
cf74053ec91c22879772dc82299c7290183ba3a0a3671b6fc36646c9e6f36851

SHA512
17b89e4c41526cd8a13e47c54e9ad4a163ed4edb3618b6932b018d12580766b7292955e4b7ff343e1f440b680b2d7b327f439c78a9b7631093be3c565df8cd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c5dd783e28eadf5_0

Filesize
19KB

MD5
c92261800b8edfc7a7f83317feb90050

SHA1
95108c9028f4352cfcebf822ceedb7400a627167

SHA256
fc29d4c371d0c3ecf3bbfb4fba40c6de9ff3cb4a6bda1d715a9cac194f755543

SHA512
1d5228832b763a145206ba0dbf78c89e2c2c487ee355c736633c370b34f4c0b30a8cdbe008563a14730506b8c4641e75160b241385a8feb20964e10797f93dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e49febadf8ab02c8_0

Filesize
288B

MD5
db3882705b429821c8d7a6ec7427b5a4

SHA1
74ddfa00bfe2ce001a2dc25ebab642d9c8a05c17

SHA256
6c05dce1b506061a0c147331fe3677c0dd322fa919afe42f31617a2f16fc3dd2

SHA512
2b5d8dabfed21dd8d4548b29e5d6f66bca7758a77c83f83fd9fe4041b0e2dbfd0166d3b70250bbe8f08c5b3a71f3f3de2e43f9ff000995d43414141d8a603698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5104d253e78d2f0394e1f38b66c49896

SHA1
be1d55f73ad7e8b3a47d70d546fe86229e9e7bcb

SHA256
d7054de6d3debca51f97dc297bbbf0168a581f685161524c4cff95ce95ebc9a3

SHA512
6ffaf23cf602e943753282ec913f1e8f3dbb2b526fb75e128c24d5f9bfd752155cb94630dd852ff49e071f7287c8d6cd51ae9073b6fc4e677383682acd67009f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5310836d0bd3b432b479602208475121

SHA1
b2711d765ab18888201c76773d260c7b3db83b34

SHA256
af5b5fe8c4edff7bec375970f16923d7547e3aae19d2a72eee98c6292de33da0

SHA512
723a19b3c2d4a9c1a0b060c3b94e511b6233f7b69b5e2e96f2052324e785682149f3a3143a8f0ecc918910a24a13500ba7bf9e8e6d0ce4757c7357cde97aeb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c4bb398878b6a1d632b0693082fc0b71

SHA1
3bef7c91dd4e618b5e14f5371d2b4365e15163f2

SHA256
272019536fb63eff8cc1d532f4469510fdd89e906f550f3801c0404da69f3dc5

SHA512
99d0ff19b123b83e303e81877716787a25fca93b726923ff1614f886fa272919e8569683d3057884071debacb520e20880bcd06e5dd3360bcddc5db453966703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
751453d64088cfb101cc9728ddb566e4

SHA1
b53dc7d890131d4610285290fab1b37ba5ae00c0

SHA256
f7a06426b878fb8b447d4bfe7991a642452eca7dbebc076ae938f52a7eac47cd

SHA512
37de303329f8506f555af265865f582bac2b2b2ca218c068714fec227d3d67ec77a59cd66e396b4f76eb9db972ac60e53a0d0e3900688873421c38b038bf8f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6b2141f23543fe5fc43c269f08fbebed

SHA1
28e27cd48faeb069e3b1b55af65fe8d38b6b9081

SHA256
241476c268fd1519e9a02dd22a435e2518c0ee3af1ebe439d6659954b7f1f14d

SHA512
396c5cbd0aefd2c197979338145a716e46204e15221ecd22e61051da8900681a134d765cb4a41013e9f4f30852eeb9bd774a71e5d0ff4cdfe6e07f7109722277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5683152f55518609bbe07a048ca31b03

SHA1
78cc5510b5c76944c6295d5f78fab941d7af2166

SHA256
b31f90b35d2a48f58aa0edd888df09895e77f7ec6e58a4064eceea15f8cbd387

SHA512
b669ff919ea3fc5763d9542937f49a8834e3987a523dcf5b363e72537261de340bc501cb3fdc8ac3448a8445503c2b82dad00e3b660bfdf4e62f32a9686ba7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
165bc5335b92c0a8ca672bc3b8991767

SHA1
bbf91a803189132887e969f320d414089d32f169

SHA256
93232c8d103a32ed341799564caa03495d222406f9ad11d5170395cc68e53fae

SHA512
9d6b8a6134dd99c6fc4d1add73a5bc9aa77cc5bdcde45301b26bebe7c7cef82c1ae89a58dca53023eb34627b6a1212e05c4a0994696186eec76d3d2db067d4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
40521a1fe58d2e3e2003ed3e68c91bf7

SHA1
d92c2ad10548a6ecd51c91775edd8de6db48e718

SHA256
4b42144dda95f56989a9ff9bef42bb4ae7dff508332134cd10b64a7808658722

SHA512
3b7ac8ccc252bce8879b033f44a9adcdf1e69009c1f95dfbf2fa0eec89295b10c8ece2ac129110890366cf4b275b4cb3d5c3c9dae70b11ec19663134f20e2d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7ebea843e921e8433b8f0b136cf5d3a7

SHA1
fd7fe1b7621ef8d4d05aaab1aafedb45d21b8f7d

SHA256
22b54409b67c549f506ea83e1170d40a70b7fa7c825fba481d7a8d39508714df

SHA512
8edee619741c182a7b7d3677f6a99774dd5f207360111d9daed9e4fb729d15a133f10931543874f333627f94b3eea49c7dfeb419a285d5d94c0ac79bd1f80772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6eaacf4dee99164a6d52ed9ee918aed9

SHA1
abfb2437e61f9bca681a9663a918395102b9d4b4

SHA256
fe644677ef9edce2a417466cd46a5e811a293efc301c8ee084eb21d4b3891e12

SHA512
767d4e2e957bef99596e973416075951b1a0ae4adb04a1f0b2202f145eb32913b1534d19d6ae1aedbf7972bbaeb5f73941c706b539edb7d6fb7aae51f6d3edd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f372f7853d6c6a1b077799a119155179

SHA1
4fb7ec7d6058ce41b03a934b510a0b38e6bf6125

SHA256
8a34761d1a5aa7db74b1dd934d2c4e81922092fea321997f192d0e28778c7f7e

SHA512
5ffddcccd57eb50c588af65fe83273fa16a4024c5bb1f61110829fabdbe8bc315574dc1e15ff07fc889b59334b67ea830617ab69fbd5e52623376531dfa719b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
c4897aa78d9edac4710b6abd9081210d

SHA1
82fff6d6a6c64af2e1e64a0a56c46cfc2a3470bf

SHA256
1c2dbad9b7fe623f7907fe8875ae1df241de6ea09e8dbb063b885983420fc005

SHA512
207439940f16c3a029f465c4f4b6d290f15deea00c5d46365d2bbe5a27c48371315a7a5e39366638a4d256c843470b6e9acd6fc7c0b85aac10dde6176aba026c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9c2fc6714c4ef38aaa017848ce693729

SHA1
b9d29e9056d7a31500bc767d5e0138906ede734d

SHA256
a8f40ed01bed09c419ef11dc0f1001f9f95fe806b958420ddb58ed340ecb9904

SHA512
a2b8ed02998a2ae3074331647f6825dc421e7a54a26476127c472625f73d62ebe166f9e8a1223fc87452aa39025715e251591a930259ace229a9228f995e3e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7203de8fb1c8388f5ab3377b106b00c4

SHA1
79910c973774fee468b9beef385afa0af6122345

SHA256
044ae366b9fd328681ad2f47522b0af5348b2c0906b5063354d9108e9c1bd4b5

SHA512
a4688a21894adb5ac45d9e146362f311865b698e330747b3e356519865a334c01277ff3f3600f87fe38e05a076bc6ff3a30cf61b0371441803c2b09e00d2f11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
05f47eee417be523d194328448c30144

SHA1
ac826d286d00a43217b0eaebc1d5dd520ed8cb11

SHA256
31b96ff776e6f04b153972c5256e698984fb82ae640699e8f0969ca058650539

SHA512
04b4762f614dfed2ca0ebbdc9b34750a7f0a184a29b5de3a5d678208628e658eb4a6bbf2aad030e60bf767c9cb5777b4fdf70826e9cf6500a4ff03b8d4259ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
5405ab3dd2bfa92929817c0048cbeda7

SHA1
df4068d176598eae129fc731694ea2ba7f22da40

SHA256
840a437ee8a85467a8994fcd468f2febf6bd672ec3a1a6207aec7085d3bcd573

SHA512
5643a9751aeb548fe89dcf8e25f20ab6c19a2f69e423babda0629658245f36ae14bd04cdb9d76fb019d3abbb1e8cf80c9c6b4e779d574038734f7301375ca345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ab61f41973448dd31b242601f307758

SHA1
dc8451458c87f573d3f4e6e9ccab80689765bc4f

SHA256
c85b82e62b1d32fd29419c7528b86d6c33218d70d5143158f3e606cd4c44e4cf

SHA512
f70f268e9368608f157aaea64df6906deefe59f15eddd48d4566eb2574c9cc5345ba9fc24360d65d14da9c6530a76f554609b6c2fafd472400b4da3b2ea1c2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
7bc36de22b4291c876feae8cdaef2b4f

SHA1
a94214545d4ad5aa5606587c6afe42ffd2a6cdee

SHA256
cd8fe9bd0810b2f62fe21ac2d556c9461eecbbe269b1c6e5616ff8830114df14

SHA512
74e790bb9ee07e4969d106216dfeaa11f7f5c9fe4eedd45425852bf54b51d0e8f73f473b22f32e70925f93f0de6121c24457e251d241491f53b5f8d8af470cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6530d63dfb11da6ec29823996696ef0

SHA1
81d3623be8d8b1fad931eb63fe024238ef2d6bce

SHA256
3c0c533cddd0077805ba12e970220924469e205ac11de3795bcc9fbdcb1cbe14

SHA512
a67d6b47759b6e508b00e947b38aa48cec7d52f4e2a2d4b928a59b2866c8d00c010ba693daf7238cfa2f63e93dddc43155bbeaa70bce47ca350f6ffef633bb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f57968d5928c8236f3573f48961ec9b

SHA1
1cf4732a2a3629afda9849f2a08b624d71abaffb

SHA256
6b0fd1601b3c04f49ed5906c4cfbe1a7c5195a461ebd4c4a87015f0f2bef336e

SHA512
f58803623bcfa5294cfce97ed1d9b53c86b353798aab28862a7658f62965afcb74b67f29dc39034e1f42f54564355d229302edc128bc70056b8de8cab07f7f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7980e633437b90cfcafae5dff40295d6

SHA1
133a5ad475233015b0bd6cce73222a1193a20371

SHA256
0acc2ead5c11bcc033f5a9b026d2b35d9dc4ad9be6b643608bc00bf043d1b62d

SHA512
07950a24e84f5240422bf352d32d5cdeafad604ef2fdc8c19f5c946e3059924927099ef96f7de951e5b88c9c1868400fe89dced9ce3d871bfbf67bae09e7a15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11196bb7e4d74b88df2cd23dc973c7ca

SHA1
765f481984cc0affd79927df93b8c3539b530f83

SHA256
7e2d711654d7986b51de2c7aad49733d13045fafd0907644737c8bbfc70491b2

SHA512
a55ab0bbf188a873808744d99774f4f2a940163cedad97b0df941bfa97027ad53a4451bd4ad0dd091090b5ed025722c7ca1e90925acf980da6537bfe773a6925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd18338ecb67f73a7a5e121676bf0c7e

SHA1
e3d72f9d01d98a39c32ed4c58f79b0c553a25728

SHA256
ff75911fa33e7911e59019892d3c0d0513bb81660407f6441426b238d88feed0

SHA512
739ac83dfaa95eab19f15ce8a66f22f140deb3876d1a801cf9c280f0c0689275be9bd6d072a0af850c599f8145dd332255ab6f88346f8c7dd1176bd125e86820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a0e77323b609518574bc89ecbef67b79

SHA1
f1e4d5bc3b7a7765813d84140014ada78fc4d0bb

SHA256
e592323c6cb11b0470159453858f52629ddd9db286b651a3d8cd4412db8139e9

SHA512
ca9efe0dcf70a2b364b50cec0bcbd81c7df04474a3a42da759b739b07e36fd1b416e7038db5eebc70ac404844874278563ae762aa70b5763085dc58409359345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91de3efb0c82cfd873b802aabffafb1a

SHA1
0804a5212121539606a173ac7aa08a275e143f52

SHA256
db15fa1e2f13f16be03c075920333ac1ce76bdfac81542854624dc119f17be4a

SHA512
d28c5ff41333907aa3fa9b46c938ba16a8a18ae5699e354d3c5878d789c838b49f4111b3c5f00f2a09718c17e88b8619e837bae15b30336f52278e7a847eceda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
dd0d603c0a6fc48859aa242f5012b5a6

SHA1
a2efbc8dbc8e4c026f9b9603fc9100b0f073f4ea

SHA256
f5b8eb4dacf9240ca3a29a9871399d9518b412f320cee0bcbefe0c7f170e029b

SHA512
c8c37f2d24d2a3343503106f0b11f9ece21ef3f640ea6636f6548e6f4ad5b3a66a6d70453a5ba633f73c6a168b00e94d3b582d270a0f0d6b5d41f2d03d04cc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
10719df06c622f208fc1883baf4a74fc

SHA1
ce4670082a7fcc917e00dba9ab5e66a6db9c84dc

SHA256
2f8042ca9172d4d4d4f698298f352bb0cbcb58f314794f82aae3717ec16f3c47

SHA512
fc7a2fa7d9c7beebda1a363f388b1f325dec5e93e944cd275935b5afd0d0551c1d08711ec4cc4e251df3c46b65c5f014cd06977dd32e8ac2f7f2887661c5cf66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cc441171ca24e2169ca2182352be468

SHA1
f05f72556b9f44eb58467f171b6408c3d5c06399

SHA256
bc5d58d82b09fd7ae468b03d9e25c1b4f35f2c3599b11f77eb84df86a4c7dfa2

SHA512
8ecdabad2a9d9dd8d63a628f3cc63baaf2b31985c608b14e4f49e439a85b7915004f13132ce87b9e2d04aefda7f8979d4e98c06688d677b03068937893001954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
60e54a7c3367912dc9f1b70f7562af7d

SHA1
314b6977dec38cf615e22f58d94924b8ae93adcb

SHA256
2ae6f2140e34db7a6ab84fa6a148d84c6011143921bdc449d672f6c291477b08

SHA512
cabb8e33af07bbf163644457f8c1f39505419618e693e6426096aa2e543e0b0cb68c66fb75a50ff25dfee79d84552445a6dcd9473ba1def86f7414f4e647b3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
fc0b529e7ba25d991f272bacade73efc

SHA1
7ddd3f0f15a93f680bc29f7a8a59ea84a7dadd60

SHA256
7775da88a0b71e7b6fce409ace8018708201e6e9ce294f5e53715257eb5561dd

SHA512
c4725c716e88abbab964102ff23ae8d454601d7af2d7ab5fcad8971259b020b5de3ea63a72c1a8af16c942547129c2b8cf162a67f99b444d5309e438f6ca1462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
94369e3f584c3b417f4b547e6d3fa9f6

SHA1
dbe6ccb93bea8f6402c841a9fef2cd88a4dd406c

SHA256
3534a0bc89cf50630b57c7b9c81edd095e53fcc4a8cf8600fa243f0ec548f88a

SHA512
8885f2349f3277c5c4d0869815efbc5ead63403d661f5492ba1dc9ca4701abd281e3ed096c52cb4ef3319b5127b0c8c7681ffa765adfd1ce0feb2e8b7bf5978b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
80e85f6cec334035052eafa8e0561086

SHA1
e085f62b7eb45ec79afddd71db9b2cf579d556a5

SHA256
d631841cea0d102ae9c8a66f95cdf804dd4792f9596ebf73fcd348b599253ccd

SHA512
b4f8947bf623e52482c93b6141a8e5cd9c2c94fbfec05276e23dc6886415a05d6546c571075eeff719fd364fd3a4f3d509d17b182f5655a285d932105a461c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
d2f2eb4bff37d2f8e9030cb502e2d6f5

SHA1
37f3649267b9b9e75a970bb82adfa5d1b6dd6d10

SHA256
d5b1a48bcd411859323d78641df56cde26b519c1a8b46add87ec03756a207aa4

SHA512
2aa8631a8e158acd763d5f87a1fb6762f3bc064841165a48a8471c4c0d37cfc3fec8bc3becc4963b68284f4eeb3649ab6df0d56094b6f46ca7e5c19078d8c743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
5704b1e2587f664943c5ae6c8ddcb650

SHA1
6fc615a984a21bd947212a62fbcbf2e4d59bc2c9

SHA256
e9dd83d34e1555c84ff616e51098856b5cb213f60009ea02f92356fec7eec196

SHA512
3967a085f286bbe30e92cdfea8b907e1794fe0af3f80203a5db435ded9db568c5cd61a0a4deda56bedf0df4c54f3dda21d9bfea27fa2b349e6fa96600f32918e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
9fe352bb89fe1b00260616d03d711e25

SHA1
5f1806ab3ef01d88b783418595eb430b21f33f1e

SHA256
a8ab62b77556797b989b4f185c76c536253b3c75823ff94f208997877c406234

SHA512
8bc4e443826129a7e74faa69b1c96ee053b46f72a8ed8f11195c76969095a2b1603d43d70ea65a0f360a41f1ffcbc33858d8cdfdb37bdb08cbc217a0f103484c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
200a385d3f077fa7735cfe1e00905e79

SHA1
47d4e1731f7ee47118c17122b253273dca6fdc71

SHA256
003b546fc3e374d50dc9ad0abbb5d397efa1a9705ede661c8d76e94afff88066

SHA512
404f93df698d667002b6c73877ecaacc2fd4f0cc17c258d33fb351ced66349640a9074f7ba173f4ad279cb69e44812a11897d0af85f9e0e823fb49ee08163d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5871be1006b2ebfcc6d799323a297d9b

SHA1
14a1a2368ac27a571c392e77504ac63fc5663474

SHA256
8dcb63ed0f2589626c0f1decc5305697a98a658c27d478a1ed0837b18ad39b73

SHA512
65ddba5babde0fe1f21b4612e9d6820e1eec646a12187de942f912cf33dc954f7cea5a7d739936659e654aa51c2c7784b46318318a655e350946a6b7680e1a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
4f2f3498d883c8a3bee20d8c3a5817b9

SHA1
080b544c8142501a31c7b2de5cf78d22695a2d27

SHA256
0fa8ec313ca8f71f0ef1ec9a918e32e1645c2e75a13ee6f88fd1d0906d7a038c

SHA512
6bcee44b63becf8a8904f369bb3aa9e106d8b2ff016c73091b3c07ed8695e46590cc890365f8d19a666685211151f22c16d173f63b2f1ae026c99dfedc2cf68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
990425b4ba1a0255b7945b6c5ddb72f1

SHA1
677372319f61eb152d01135bf23056c7c1b7ca34

SHA256
2ce6eabf52856b30485cbcf922ebf8a792337f1b41e31ad1db1693faf1da2cc9

SHA512
3a81bb2129da8741e36fe706c23dfcfdf3cb5e5c013770b1bd651d0188c6bdd895595811c8e26d49c1634da5ae2e00b10e797be3e6223a3d3ce9a13ebc2d7670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5cde23.TMP

Filesize
90B

MD5
dcef2ee0ad180e9d00c1c2aae3213525

SHA1
f665b95abf3702eddcea773c5eae3ca7351a9d96

SHA256
2059441e046c860cb0ac88eb7ca9249a4e9dbd3c1b076cb85dd3777b381008fd

SHA512
70eb993251320661df4b7e423434836e1ef05b8ed8c58772b614325c96172b3fa9393d449015141424475dbef2807fa743aa4b22e2f50fbb5a3c4f5f48240011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa6c7dc1c577f610e81d6c51ae293d40

SHA1
1f58fe694da6267a1fe555f4122ce2f998917c90

SHA256
bcff3fe55ad4313d1ddcaf1146ae62b8a6e1de7614006ca03ebcff19e58fdd68

SHA512
90d82de3b478146965ce2315e302144c4ea4ac9aa8e02da7424f862f14c29a0a5a1bf94873a779726aaebda793c80eb765666f90480f7ae2dafaf5befb8bd304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31a3674d585e7c7c50ce338305cc3d9e

SHA1
263322685123ffb858c9aaed9a3c42fe53ab5c3f

SHA256
81e434d42e097db28649de7056586cdfa01e141f64e40f89c53d925f3035a043

SHA512
e7083c108e4ccda12f3a91e7176a32d04b0e5d1c9edb5bd12c3536bb686a1665af4c85f6561a2a498c410b2ffe3d74aad7cd75af964cea211f68cd82dda8d7d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a8715c13b806386448ebb58497c9b466

SHA1
b1654c9e27b513f172d34fd3ce14867b72557988

SHA256
6c5dcb6396919ad962a466fbb0808e91c1fc0df0128e9a2ee5d10889f93d8741

SHA512
7069283b6344ec6583cf2ad998faa415ad6ca5bb162a60e728b7e272b2df56df60c2ee374b2c15ca670af8823f6d5d57f5d445df1ee91d045306f1bacb62096c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
107f3a897d3e59d48f00f94393b67dcd

SHA1
9d79de75d60283f5227ea7d409f4a5737657f884

SHA256
fcb9c9e7762313c771b753fa49558216c6df41af66c53a2ac1a3570f9452a208

SHA512
7ad6e9f2ade36a715211e8b2d96373f235e180cbbf644d769651dcee313bce828fefbbe1145839481657e3e6bd962b6ffe25b441085db3a63fd4053b4405be06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
3d925f20411d5a780e0ef2b9b887464e

SHA1
e42ba16168c41fafd4eb5f7b685c34d2f91725f8

SHA256
e8e24971c3a6ac993fe5458e09bf8736729c22bbcf06edbfe94c61d11eca78e2

SHA512
6f89401eaf8ceb4549f608a818ba05f4e5f353a957ca4d2bc5506cb449c0c092f475713fbef4e77b9ff4f2eb05e5e8c21f9c4e2bd6be467a870100a35908bb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bc35c788bcacb4338cdcd9c5bd52d55f

SHA1
480f91dd0d53a29064ecdbe3d0df3411cafc62af

SHA256
dea6997f9e159d579fb5369005ed8cd34459f001e96ce972199934bdc98458a4

SHA512
dfbd7aee8c1dc9774b378b44f15a349e66a3fad696a1f4e1381e55deea8fe49e8572174d0f71a6a1609925643a80cf324f6bd6947704e24a16ce55aa7cd8a616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586abb.TMP

Filesize
707B

MD5
0e08d38045392c16cc5696030bf17c5d

SHA1
f72ee1308cde444f8204607bed39086d8299bfc9

SHA256
6e3f0a9492ec69ac291503ae9a98e55358bf4327a958cdf3d4d6244b4409b892

SHA512
881c6019c68d39de2c2cff044365badec150b6e445c5dc01203e9ae9c2770985b4c2f8a297701beeb21899c2b2a7ac8ee6c92d4a5bc9341318b12e1a2dbaeb45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
609a31dc2c62e5ec16c40a2afdfa0af2

SHA1
7302b370e1fb866fefb395ea97e2624ffddfd5c7

SHA256
d04a2863672ab1110fc4d50f27d8a827d665d26549a433c1d996acb9cc52d7b5

SHA512
96d9c08bdea8d56c9601e8dd0eec914b37de3678c9a5b48a9f151c29407e0e94d294dfd58985421e94cfe5d17259f14245abe5f5d407c3f3f5c2a8194419a59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
549d43a92c3bb199e59409f60821c3c1

SHA1
176b921147650efc26a4ea8b4355152ec8513f94

SHA256
038f9bfb8214ca3e0a106d9ba9d3b5596449df5861d4822a010a2fe24f0e9ddc

SHA512
f143be4d50b914623f67d98999fa666ce5922657b90b6c57c9fa87ad0b04fb186210818a9e77d831fa0495ece4cb7069fe042f78fbcc190c617329800a4c0ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
086f15375cb48b4028ba92423c9cb631

SHA1
385206021a19f7c20d104aef08c0053089246b22

SHA256
d4878f1471aca9d7f2148e0e30ac71026bf40d4da756878dfe2807def511d252

SHA512
c4bd9a377db36c4c5446f94bbfe0bebfff1b8acc69f762296a21b70df3dd06097fc7360f90a473737f6482da8b01010e8baf6b1842a65b9e14439f76d56e49ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63fb257eadf4157d93edbbeb7c702871

SHA1
f09e36015283e61c824b2bb2ea0af6c46e27e5b2

SHA256
9b472f2036d7fc4ae96d36f48932de4a4d7a6a1b9485cca06d83f4359e3a082b

SHA512
d1b31d6050691447f9d0a2981f97c1daa1f1ef84c16777b54efa83d4c655d26014a74617af5d4b81a63779ef759a69f3538762edc54b2ddd8a17012055be8934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39fd04ed888392640612eee19a41ec98

SHA1
10fdb061f7dbabcefe0afc9ff2269975bb5223ca

SHA256
786a4208ed0b980e632e1588aa9c2b93bf0711cf0c5b95d19464428fa5313af5

SHA512
fbebb4bbb3884667c150595ef1e5fd24a0d111955e410b852a82861a46f3514ce275a58eb06d1a4e5fd8e0af0e94e3e0a33530a89b04a2b12902fd4702f0b4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea3f546226e28acbbe8549afe112a8bd

SHA1
1e47dde8463ac192c7d331a8c77046db092b8307

SHA256
bcb12168d3dd0743317a16f1930f028ed69bda3cbf6dcce185cb68476f594c56

SHA512
7883255e9f71b6fd05c569540c4658474f6b4b675997f4a88f51cb87188103f8f813bd4aa78b231a49176301a17d110c79a38973712761a16f52d2064ebae864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76ed3040000488d6f609d67ef1b0b6c3

SHA1
08970a8bff9e619d7b8f9c2afc1d719a841c4b1b

SHA256
b0405cbae5ff072591478901d448467d28051836e0529acd415196fe695fa820

SHA512
bb6d7d8dda79d4a2e6a5a55282de58571d12b43f3bfe7fc65ba9ae082e9ddf4a84f8b6caa627cf55558fb66271481b4d80e5638e107db06b25719afc9dff0cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efd3f3768a2d647dd871de6e8e9b2e94

SHA1
22dabef992b6b4f31f45998bd1de63bbc0b56510

SHA256
37dab5ee6f8d18f6717889dd40c5afb7496e6201fed843c7943040506c6d9b18

SHA512
bfb850ef6adbfdaebf488d99ba50f6c4b02e789cda69b67740825ddab445c21d7e130978c0b4c33a80bb2792ee3c7fd7ee0a51df3ea3912d3d9df4dcf1f64293

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/3420-589-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-600-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-594-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-599-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-598-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-595-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-590-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-588-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-596-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3420-597-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download