f5e16cb99726473a3690f34918082477cba89dcbd88e031a4554f14161a4ea33

Resubmissions

17-09-2024 13:50

240917-q5kmhawcre 3

17-09-2024 13:49

240917-q45laawfqp 3

17-09-2024 10:07

240917-l5wybaxcqa 10

17-09-2024 09:54

240917-lxghnaxamj 7

Analysis

max time kernel
756s
max time network
760s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

77KB
MD5

0ffcf2bd30576f20c6b487c1eadc2acf
SHA1

55e98c61b2990bd80b0417f249197c6433e2455b
SHA256

f5e16cb99726473a3690f34918082477cba89dcbd88e031a4554f14161a4ea33
SHA512

eef64c737cf44fc488e0ff0391521f93c0b07f44b65c016d23fd03d0c2b6794448b477b34de412e18dd041857f31fe4b826f6681bc36fabcda0e62519675c9e9
SSDEEP

1536:I6QJFLCCwNiePs+ehNFZuSuWtWWx/ZhoU1+HvScWXpc+NKjp3q/6aejGkaEKfK6a:HQJFLhwAbZuU1+HvScWXpc+NKjp3q/67

Score

7^/10

bootkit discovery execution persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
5012	MEMZ.exe
1100	MEMZ.exe
3544	MEMZ.exe
3620	MEMZ.exe
4456	MEMZ.exe
1124	MEMZ.exe
1088	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
121	raw.githubusercontent.com
122	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe

Enumerates system info in registry 2 TTPs 33 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133710405068962506"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2629364133-3182087385-364449604-1000\{EB995609-1B97-422C-86D3-E217AD6FA608}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
552	NOTEPAD.EXE

Runs regedit.exe 1 IoCs

pid	Process
1876	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3164	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2536	chrome.exe
2536	chrome.exe
1824	msedge.exe
1824	msedge.exe
2564	msedge.exe
2564	msedge.exe
2432	identity_helper.exe
2432	identity_helper.exe
5080	msedge.exe
5080	msedge.exe
1100	MEMZ.exe
1100	MEMZ.exe
3544	MEMZ.exe
3544	MEMZ.exe
1100	MEMZ.exe
1100	MEMZ.exe
4456	MEMZ.exe
4456	MEMZ.exe
3620	MEMZ.exe
3620	MEMZ.exe
4456	MEMZ.exe
1100	MEMZ.exe
1100	MEMZ.exe
4456	MEMZ.exe
3544	MEMZ.exe
3544	MEMZ.exe
1124	MEMZ.exe
1124	MEMZ.exe
3620	MEMZ.exe
3620	MEMZ.exe
1100	MEMZ.exe
1100	MEMZ.exe
3620	MEMZ.exe
3620	MEMZ.exe
1124	MEMZ.exe
1124	MEMZ.exe
4456	MEMZ.exe
3544	MEMZ.exe
4456	MEMZ.exe
3544	MEMZ.exe
3620	MEMZ.exe
3620	MEMZ.exe
3544	MEMZ.exe
3544	MEMZ.exe
1124	MEMZ.exe
1124	MEMZ.exe
1100	MEMZ.exe
1100	MEMZ.exe
1124	MEMZ.exe
1100	MEMZ.exe
1100	MEMZ.exe
1124	MEMZ.exe
3620	MEMZ.exe
3620	MEMZ.exe
3544	MEMZ.exe
3544	MEMZ.exe
4456	MEMZ.exe
4456	MEMZ.exe
3544	MEMZ.exe
3544	MEMZ.exe
3620	MEMZ.exe
4456	MEMZ.exe
3620	MEMZ.exe
4456	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1876	regedit.exe
1088	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
2228	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe
Token: SeShutdownPrivilege	2536	chrome.exe
Token: SeCreatePagefilePrivilege	2536	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2536	chrome.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious use of SetWindowsHookEx 53 IoCs

pid	Process
1088	MEMZ.exe
736	mmc.exe
4980	mmc.exe
4980	mmc.exe
2344	mspaint.exe
2344	mspaint.exe
2344	mspaint.exe
2344	mspaint.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
3796	mmc.exe
744	mmc.exe
744	mmc.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
8176	mspaint.exe
8176	mspaint.exe
8176	mspaint.exe
8176	mspaint.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe
8568	mmc.exe
8584	mmc.exe
8584	mmc.exe
1088	MEMZ.exe
1088	MEMZ.exe
1088	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2624	2536	chrome.exe	93
PID 2536 wrote to memory of 2624	2536	chrome.exe	93
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 3628	2536	chrome.exe	94
PID 2536 wrote to memory of 2680	2536	chrome.exe	95
PID 2536 wrote to memory of 2680	2536	chrome.exe	95
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96
PID 2536 wrote to memory of 3672	2536	chrome.exe	96

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:4772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff90b98cc40,0x7ff90b98cc4c,0x7ff90b98cc58
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1540,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3372,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4808,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5356,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=240,i,12164453364215085518,1743523165651338965,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4956

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6640848758961534434,6472493232164565392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ok.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ok.bat" "
1⤵
PID:2596
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:2228
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5012
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1100
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3544
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3620
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4456
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1124
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:3892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:4124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:1588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:3564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        5⤵
        
        PID:2728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
        5⤵
        
        PID:316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
        5⤵
        
        PID:3424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
        5⤵
        
        PID:1132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        5⤵
        
        PID:4428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
        5⤵
        
        PID:960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
        5⤵
        
        PID:4992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
        5⤵
        
        PID:4444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2090185077122770550,813901066677608460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
        5⤵
        
        PID:408
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious use of SetWindowsHookEx
        
        PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:4740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        5⤵
        
        PID:1804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
        5⤵
        
        PID:1972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
        5⤵
        
        PID:2092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:4316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        5⤵
        
        PID:1364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
        5⤵
        
        PID:2552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
        5⤵
        
        PID:4148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
        5⤵
        
        PID:4380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16141111093782723520,7109629330435658842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
        5⤵
        
        PID:2228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:2252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        5⤵
        
        PID:2696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        5⤵
        
        PID:880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
        5⤵
        
        PID:1056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        5⤵
        
        PID:4292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        5⤵
        
        PID:3512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
        5⤵
        
        PID:4344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
        5⤵
        
        PID:3056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
        5⤵
        
        PID:212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6681619460967883130,1139016653772609923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
        5⤵
        
        PID:1348
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:2912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:1224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:4280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
        5⤵
        
        PID:1968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
        5⤵
        
        PID:2688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        5⤵
        
        PID:3892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        5⤵
        
        PID:2460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
        5⤵
        
        PID:2852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
        5⤵
        
        PID:3976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
        5⤵
        
        PID:2116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7834829480037986689,4158812549201492220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
        5⤵
        
        PID:2060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:2228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:3248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
        5⤵
        
        PID:492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
        5⤵
        
        PID:2860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
        5⤵
        
        PID:3896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
        5⤵
        
        PID:3448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
        5⤵
        
        PID:4584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
        5⤵
        
        PID:2664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
        5⤵
        
        PID:5116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 /prefetch:8
        5⤵
        
        PID:3468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,14425311614657128393,5368637979089477296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 /prefetch:8
        5⤵
        
        PID:2144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:1680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:1188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
        5⤵
        
        PID:4356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
        5⤵
        
        PID:3272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
        5⤵
        
        PID:3900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
        5⤵
        
        PID:3676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
        5⤵
        
        PID:2724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
        5⤵
        
        PID:4964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
        5⤵
        
        PID:2904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12969717707545568671,7516553212569844024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
        5⤵
        
        PID:1784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:3016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
        5⤵
        
        PID:1700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
        5⤵
        
        PID:2056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
        5⤵
        
        PID:1960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
        5⤵
        
        PID:4476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
        5⤵
        
        PID:740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
        5⤵
        
        PID:4500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
        5⤵
        
        PID:3272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
        5⤵
        
        PID:2604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,4209634664006905140,12813540944315810050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
        5⤵
        
        PID:4636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:2328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        5⤵
        
        PID:4136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
        5⤵
        
        PID:3336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
        5⤵
        
        PID:1192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
        5⤵
        
        PID:220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
        5⤵
        
        PID:3664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
        5⤵
        
        PID:396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
        5⤵
        
        PID:4696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
        5⤵
        
        PID:1548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
        5⤵
        
        PID:764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
        5⤵
        
        PID:5068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
        5⤵
        
        PID:3796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
        5⤵
        
        PID:3036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2555253125016930971,14795855953403178640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
        5⤵
        
        PID:3488
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3796
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:744
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:3604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
        5⤵
        
        PID:3332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
        5⤵
        
        PID:2824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
        5⤵
        
        PID:2060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
        5⤵
        
        PID:2396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
        5⤵
        
        PID:4180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
        5⤵
        
        PID:4148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
        5⤵
        
        PID:4620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:8
        5⤵
        
        PID:2924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:8
        5⤵
        
        PID:2044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
        5⤵
        
        PID:4176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
        5⤵
        
        PID:2908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
        5⤵
        
        PID:3664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
        5⤵
        
        PID:2272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
        5⤵
        
        PID:3132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
        5⤵
        
        PID:2600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
        5⤵
        
        PID:3152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
        5⤵
        
        PID:1296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
        5⤵
        
        PID:2284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
        5⤵
        
        PID:2104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
        5⤵
        
        PID:5336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6332 /prefetch:2
        5⤵
        
        PID:5868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
        5⤵
        
        PID:5132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
        5⤵
        
        PID:5564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
        5⤵
        
        PID:5396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
        5⤵
        
        PID:5236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
        5⤵
        
        PID:4712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
        5⤵
        
        PID:1528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
        5⤵
        
        PID:5824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
        5⤵
        
        PID:5896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
        5⤵
        
        PID:5920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
        5⤵
        
        PID:2432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
        5⤵
        
        PID:5300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7172 /prefetch:8
        5⤵
        
        PID:4308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
        5⤵
        
        PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
        5⤵
        
        PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1
        5⤵
        
        PID:6500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
        5⤵
        
        PID:6508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
        5⤵
        
        PID:6516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
        5⤵
        
        PID:6592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
        5⤵
        
        PID:6664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
        5⤵
        
        PID:6752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9560 /prefetch:1
        5⤵
        
        PID:6824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
        5⤵
        
        PID:6832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
        5⤵
        
        PID:7028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
        5⤵
        
        PID:7100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10160 /prefetch:1
        5⤵
        
        PID:7108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10376 /prefetch:1
        5⤵
        
        PID:6284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10324 /prefetch:1
        5⤵
        
        PID:6312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1
        5⤵
        
        PID:6432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10636 /prefetch:1
        5⤵
        
        PID:6740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:1
        5⤵
        
        PID:4832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11176 /prefetch:1
        5⤵
        
        PID:7280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11028 /prefetch:1
        5⤵
        
        PID:7364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11540 /prefetch:1
        5⤵
        
        PID:7436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11332 /prefetch:1
        5⤵
        
        PID:7504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10172 /prefetch:1
        5⤵
        
        PID:7964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:1
        5⤵
        
        PID:7972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
        5⤵
        
        PID:8044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11028 /prefetch:1
        5⤵
        
        PID:8116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9416 /prefetch:1
        5⤵
        
        PID:7240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1
        5⤵
        
        PID:6188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
        5⤵
        
        PID:6488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11868 /prefetch:1
        5⤵
        
        PID:6496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:1
        5⤵
        
        PID:7460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
        5⤵
        
        PID:7608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
        5⤵
        
        PID:7780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12552 /prefetch:1
        5⤵
        
        PID:6388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
        5⤵
        
        PID:7680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12004 /prefetch:1
        5⤵
        
        PID:6172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:1
        5⤵
        
        PID:3944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11984 /prefetch:1
        5⤵
        
        PID:7988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
        5⤵
        
        PID:5232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
        5⤵
        
        PID:4164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12188 /prefetch:1
        5⤵
        
        PID:6800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1628 /prefetch:1
        5⤵
        
        PID:1268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12888 /prefetch:1
        5⤵
        
        PID:6588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1
        5⤵
        
        PID:4480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13116 /prefetch:1
        5⤵
        
        PID:8496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12528 /prefetch:1
        5⤵
        
        PID:9112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12188 /prefetch:1
        5⤵
        
        PID:9104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
        5⤵
        
        PID:9136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12840 /prefetch:1
        5⤵
        
        PID:8204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
        5⤵
        
        PID:8228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13340 /prefetch:1
        5⤵
        
        PID:8320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13488 /prefetch:1
        5⤵
        
        PID:8400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
        5⤵
        
        PID:8692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13708 /prefetch:1
        5⤵
        
        PID:8688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13808 /prefetch:1
        5⤵
        
        PID:8788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14052 /prefetch:1
        5⤵
        
        PID:8836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13860 /prefetch:1
        5⤵
        
        PID:8896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2302286064614847755,7534739918802474859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14240 /prefetch:1
        5⤵
        
        PID:7928
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:4940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:4176
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:3920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:1420
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      Suspicious behavior: GetForegroundWindowSpam
      PID:1876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:4292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:5272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:5288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:5992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:6008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:6052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:5996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:5884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:5556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:6820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:6792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:6804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:6164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:7828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:7892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:6760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:5508
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:8120
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7044
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:8176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:8048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:7380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:6364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:5604
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:8140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:6848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:7804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:7996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:6632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:8188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:5496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:6796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:5760
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:8568
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:8584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      4⤵
      PID:8524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90b8446f8,0x7ff90b844708,0x7ff90b844718
        5⤵
        
        PID:8540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x500
1⤵
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:3164

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
067c6fb6110e57289b7868b2ad3af974

SHA1
41e6a1585b8d2c60ef32b2faed40830c02b4f648

SHA256
dc26698bb910ceb0128d23f9ec32752dba04e4a7ac94124d70987e9cf31db252

SHA512
73379278008ef22533c3f2d2570682aaac584269cc95e22ac8e3680319f1c4c499813d9862761aeb85251c6618aece8dbc8c5da953270f8c778ae6b73f974ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
34da566d04114fed42212dba183e9555

SHA1
a49ede44ab0f7c855f01e4fd84a1c327480aa439

SHA256
afa7bcb6d94ffb966995f22b4b7eff5b9a9e23e982871e282f752d826002e74f

SHA512
1224f7dc17d710a902cad0b6b1b20057740cbfeee4397f73b488101bf6d2b65b3afd5cbe669aa3592879d791f3283978e91d2ed152ae9b026ef5e7e6e019344b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7f2002cba8a87d770dffea494a80e961

SHA1
3dfde7901eba8afc61ce7d929fd5b29852613389

SHA256
a507ec4abae7bb79e600ac5d45eb383cd127e8b25932ff8a9035073456626a99

SHA512
c4bd45773c4552acf41c3b85f7994fbe2f93e33fc9e0354772e7595760420d56d6c1475712975f2b6c26a363d5091569db16a1b295a87414cc9c4b6833c54fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8e0d3b23de14f5aba322ff4fdbe4db6d

SHA1
f589048f1ac5503e9bdb2732979994cd189a6d85

SHA256
2f50097025f1c5579a2fe782bd7303b9d92e94fab68d14c3c3a9a37e0ab8a68e

SHA512
cbab157be8745577e0ea01cc97497a00e67961fc34bc7bccfbff15aa4225371013ec367703439dd3027a402ffac68be2166c60050ad4885281cdd131b049ed7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b79e013d747ce31e5f0ffccb10ec4296

SHA1
76f4052d5106bb8f99f43745977240cc6f917c6b

SHA256
76502c55e128b0f80040cc1723bdfdd5cfb74b5dca8b19af5ff6bb5b3d4da95c

SHA512
c2c0a4d174cfc975631fcf0579f16059e5609e6798164f7ebb368dc83dd53fbe725bcc19f3c392d03083386e3d709bd6efaf39f585dd589f455cf8784f62051c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba1f5f1da87ce78c73d25f85b34f7e46

SHA1
1f24b263a3004cf34038ffecfe01c7f5571b2457

SHA256
e0c3dc569d5bbe7fe704aec3f4395b5dc41d425f1cbdd8cb7a071f5bae485485

SHA512
d82c19b85abfaa0d55c6abe7b27c34e0390ce2146ba8feaf0bbaa7ae6321adb2e139ed6b18b44f5f37665929f329d3d589d0a904ff3edd169e1f7ece8b78d0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d95cf50d11d3177e586e5b6fe47a0739

SHA1
3aea54f7b08f289788eda6ad821fa34a9307025e

SHA256
9a209b546b2e52f008418ae8987df06c57a0d5be3761b320a91ccdafb93f38fc

SHA512
e37fcffc7d612b423ba98dffbfbdc17e4da6117c65484f0f1241b9a15a958186f63f385656e20991c99aa529d87134c5878b73f844a363c63c6f425bf12d1307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35e498f7ddc9ce3d5420eb676ded5554

SHA1
08303ffa19707f547610f30e10dd73de81f38d4a

SHA256
0a033fa5968f5d459792c73e498629bbe14d300d6b34d084b87f320c5eede025

SHA512
ea35cee34e9c95c8981ad60953897a06cff3e028572346a4ceab25bf0ec1ca01eba266650f9e9fb4b1b95d37e482e4b4678209c3ba0a4aa6cc24036adcb78241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f581ca398130e5be03df6a999cd4687f

SHA1
9cf15e0e4486896cdfd5200961972a3f7965aee1

SHA256
095b5bc5022eb91071d91fdc8947ade06c846d97bf94bd4b713fcb1f9b5e330d

SHA512
69f28564a67d350651f16750d1228c5ad9446273d90974c2a5bb0823b6d151a629a4baa10798e1a8ec2830ca1e034bd0b9f33a6e77d9ff0699c443f12f5b5683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
3f2cad6c2b2a6298b84ce7b9e00b98d1

SHA1
8fb9129a6eb51b6ebd646d13e17c46b393c06559

SHA256
77d7f9e7e303913c6bac0de0280e98948307c4d09addf25ed75ae2424faeeee8

SHA512
9f521b819bf71adc10ca054afe9cf483de6007e4e9c3d3d696a6893fb85c6b6bd0a238639779824045584f7ecf99116e198cec0aedd3e88830f84eefd62fd785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
c2da8aa381306db655543c522ec5f56f

SHA1
16e541c3b951a5f76446658e7617738ebe9479de

SHA256
fe335d5be97b5d5746a88d4041c77a74062c214ce7d872de567c04ae88572c15

SHA512
5d64ee2d4fbf637da36bbcc52cc8dee9ccfb873c1457c2704019c3f53c6f4a42fb6cced631a328218b7dc8c5861f851752f8db1771f11eb5821be625b3184299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
ce8174301cb5e992e76be5dbe5a9a777

SHA1
36f4034b00b7494f5824b9a12a23fb7bbf1fbb4e

SHA256
2d4679aff86a480b48eb66e4ef50a80601e2320e4672cd6ac8afa0f65748542e

SHA512
90b85dbec71e97155651a18dd6e9869f70e8f61e09ee570548a1d1d5edaddbe23c388680be7fcd3abe59bf273d56a8f7bfe9ff1b9401465b493a309bfa41646f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0e591824a7630b999843b5e16f925d82

SHA1
8622e01e38de123cb24ce113462fa3ee54d5a6c4

SHA256
5fbae563923b671d2428d23337d905a5d3c570029865ebfb47cf7aee629a0f14

SHA512
e8c1ebbeb3b6bce3ef761587f499c2121a69754f2a176fa87e4bc4fe7f725b133787a8be21b56e4765733c21e367e2c278eeff98e9d088944712fb8b1be7dc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
831dbb4bb5d64769325253b50465071d

SHA1
0314bd9f2eb134ad87d09430865143774547bdd5

SHA256
c02edf7e41d2c2f644220b0796a75ba8a683950c8d9e1907aaaa1b73a647935a

SHA512
bb80f1a844551ed84872fdb5da9f479f966b880850b626319efeedac5cf0185a330d7289c70bbfce38c068165bd1ef1ea64e5b7f2d01725706b269c610f07536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a680859fb345f88f09f8a81d1b83b825

SHA1
ff6f20c9e8baf3a801e6e2d3d6790af5a30ebf60

SHA256
8cf745e842e2d6e1d6c5a97166917a37277c80511db96b5c7aec223502cef80b

SHA512
7b5a466eeff8e3d58d2f1525b59713f447c1f750ee51e750fa7e0aae21ec098db8837d8f9f35ebb0407b543d2c091599f2f3778005fda7f0d06e21abe4f894f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b70af96a50e8554db4ce6f027bea1a4

SHA1
7a69a927316583f6a16cd678e67cf0084125c63a

SHA256
eeb94ded1aa2ee2713ef6b13d46cd7227c7accbb23001deb6fecca6ec780a115

SHA512
69ab6df8aea3557309c3003fee742841515afc68e059c56b00a8f0b76d4cfcc9c95530ac603fedbedcf21391ecc4954731311fcb1df670eebea38b64e3e5669b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd64308540225a450f0eaf80f30e6ea3

SHA1
b90321e2f5febbf192acfd67149c6e4f0cabf8b9

SHA256
4aa724aa8d52de92220c0fc5d7ea37658a1a878f68b9db7a5ae5a4cffa6d5fba

SHA512
d59c17eebaa33f5024774804fc7879c57c4f2e7ff88768ab542981e99ee7bacc412fbd0d9acb92f10337725e0e53540033fc688803c226b5cbfe25a8699d0bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bb041204fe292df655e0c0b891e9d9e2

SHA1
5a0d54a42385c1b8e1b02d1e434d730fc1a52dd9

SHA256
1e6db7b512e0bf1e51588d97862e5ce140a330b450590728ceec91cb0f3beea5

SHA512
2b3921797502ccbf15229471492efe6b673091ad07c696a2441a8d7549fbd913b6fa14cfc3a4df3a2cdbcdb5b275bbbd9e045ec0f7b3fa4992c3991e7415c662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a45bbf7859b0cb3fec6c4b5206a1cc9

SHA1
d4d8f9c64f7674175a54b07f41f35d4f08cdca56

SHA256
a9e9ca41fb00d46d009d5d07d03c3342c434ca7d681b5b73e5c5ce967e66a14d

SHA512
144be928503ea72e649f2291ffab1473fdde72f3da8dcef533a36f82a15ea0a5796234ac0a138d47ec8fd1882f70524835156502dab3ae5462aa8dc352e4dc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32c2b833aedbe0e9ab280eb80536dc4e

SHA1
52e6a0933a83c383eaeefcaf69503a412e733a08

SHA256
5804400f90eb026247e76f13663206ac569b45d738266d2686724fe8c8cee916

SHA512
1787a083d435ef2b664b70a6f951853df168e04bba9a314617de3f91533bf340b81f8b6fb953af8e6d1d34b7ad837f1ce8a8e634ee303c0d1e87b1d55d9080a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
facb413aa02d6274b27a17a27a9ec520

SHA1
f68604d5cb6d950a42d9dbba4977ab24f52f3983

SHA256
aaee0330e3fc476916d8b0980d4aa098cdc74a7b3272b163ad3fa13980aca871

SHA512
758ad9b98fc2e0068a090adf3a3b43be87f05d704b63368455011b5f32ccd55f5d1e2fac880944ca7c23deb240320a606f1a505447b7091fc377fcf71394efda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5c732dcd1d71f818ea8fc8dcd93c500

SHA1
e6e1bf81c8852faed6be61e77c9affc47bd2c2cd

SHA256
b23a7de8396fad6932c37394fc5a543771bcb69f343603f99d15409afa95eaff

SHA512
74c7db67acf175040845e136600829c4cdac1b20451918c41e4cfe0b6dfff2da203febf034125ee8b12e68d1cdb64a85c518f5f3998700288d791bcf9db9e1dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4b5eaf7edd9d5391ddfdb694e0cd888

SHA1
d1f92fbd238c4d5fb6861a83153893568d514586

SHA256
1d5fc1e6da67b60df30ee83dd11359ec3dbe0c4bdddff2f2f862fa9c4619d903

SHA512
1b62d5740572b1c17dadcb83d9e0017d6a8ff94cc64bc024cc47fa92a8180f7c2d18bef79ddf5cac8a9a97ecefd8461b06665e522acb0c5857dac1a2838fc048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db1ed3bbcaa8e96c29a0b57e72bf0319

SHA1
9bc11860837a2bcdd048613ba8dd76d6d77d32d9

SHA256
7c7db5dde536599fd7ffd4dee8e03ca0f6680e662022869057b09a4635b9b87c

SHA512
eb7375877e9b51ebcf8cfc62cf822fdce3fdce837fbbd00d4d54c52c4f67bd82408e4809e1c92f32e9f3edc9e6726910f752fbeaf14704745688b0239405e6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61d4b47c42ce35ccda4a4896f904c66

SHA1
5db056e424d75e51112c2eed91b971a2e0c97eeb

SHA256
d4cadbf083a2448d655c84522c40eb3bfd7644665b30c9f3efb73d861715d045

SHA512
8cc23bdd31f38f94b968d1fc9b39f87dfdbe67a142c6a298907c5ad9fca6d5315f703e2c74ecfd0e0a0d50f0a8a23c1e7d3bf28a8de2baa5cb9b9eb61dbd1064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0dec08c4-2d8a-49cc-a44e-2e1a0fb5afcd.tmp

Filesize
936B

MD5
1cee9f0d9bd5e5f2b89567cf88c94a89

SHA1
38793000e462caa709ec844a50eff48a17344051

SHA256
7dff926dcf7cffe78025d52d2d578205971b1d80a74b0507b3f09cf375389b98

SHA512
9135afa98da4a39519d6c7871771db2218a9677932a9468366cb00558fa68ded854618cb9b9fd45fcfdb7fb42e76194c4b79ee82db9103052acadbb98e354983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4771960e-8028-44ba-93ce-6da86ea806fd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f65fbf860c5bf94fdf0ef8071fac8758

SHA1
5bc9a8394bdaa81ea0dd1873c3b1d6caabe6516a

SHA256
afec2d53cef62d9c5131d79a149ea01efcecd765395ff1915b7fd59b1767eaf2

SHA512
8dc923cb7ba256c2c455c7539159551ce278a55c6d02b0b99241bb636ce5e26be7828cb1eaf2462180631d6b2f402968b4dcac0ed94183d87e16a54f06d8c991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
68KB

MD5
dcb2647a1d3db1769f6f9570f07569ed

SHA1
c6f40fe1ec3826b4931d15e3406a2e438e457cfe

SHA256
db8451ec6c7655df3f71bda5c97d12bc22be54cc31ce1aba550728fcb70e8f2f

SHA512
97a39625353abe61e847787a7ec68ca87883b42fec83dc3fa7cb1734e7115bc8f595bf7d15e13c6c18f52c1b9c80cad60898fadb9f703f126d1d94e1c3b49876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
69KB

MD5
76fb29b3b8f9d7e022c737a980aa07d9

SHA1
a558d64a5d1127030c61f57e72047f9170a1060c

SHA256
e1faf372208be544c0236850aebe51b11df45fded29edfda5dfbac9cf608965c

SHA512
1d23649e1b4379f949ab7dfc277a97e1fbaa1fb61a51c80744b38917dcdd377ac216b502b1ae9b00103990062f614657eba68185934731497923c4273e0412b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
79KB

MD5
cb1727e95d0574bcfb973379359cf275

SHA1
03a5ca88a1c5b400c4e18b8672ed9789259e8a31

SHA256
f49964993c160b11ad28678dba5c45c593694e902618b8d1902191f8ed100801

SHA512
5eca382d05e33ce55ac7e0c6c3d45e993b1e1725eb67f968be9ccf5aa5aabf09bec2dac071fbe0a7a0d83b7d20b6f4c4112b93b933fec8c4297988ffb1bf1dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e0a0b670b1096f20539ca327c22203d7

SHA1
4e6a4f1b64754f7f9940d5ab5a15c4d1165a826b

SHA256
3cc14a3ecaffa3b3ccc5ee9988238153155d5b366b01328a64b5cb8555af8ab6

SHA512
2247048518e16c9163a2b3c3bf8b862be98e3de2feb63e6ed53035f46e7cee6f9f53da2db97455647c67a9de8215bd3a8cc9dfe19739ef7cac7b0f21acad33f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ed030cb491072fb3d9ecd67c1bb6a9cb

SHA1
3272e54e37b689aecf05290c4f17f39ce3400477

SHA256
902f6e6dad6d90ad7276870902404c9828bac15cc72531d3e084792e420d7fd2

SHA512
3ea381c9bafb3c649330b9306aae14413a27c8d721db4ef3e41e8ccc3dfaad5d6171b77dae3dc584d406de6250469805f89ed537386e786a283d9e6929f91851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b3e0a95c6e9560cdd56ea9535ed6ef79

SHA1
1bd01a1f7e334e932194939ce0a05a70bfb74245

SHA256
0735d7d97a1c27614dc87dccd51699de1f05ea2d7a5b991cf8c54366d84b2628

SHA512
d91686fd5cf2ad266a15fc0215e35152981cce7360561ff0b4f756a1b1910c329c9e7e8f536296120193d03b6b170747b5e860d9f70714d79e86d6a595ba887f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
65eb23e112af7078105d33dc7df9c4bd

SHA1
0f9bb44c9592dce9a08eea5a68826ca91ff3f7eb

SHA256
0531604d7ba2d55b5694cde1e729a5f1abfef2fbad2c5e85f101cec386b61efc

SHA512
54de631added88961efc0deacb502545c9751f792e4a254485f518325ad132e6f10b4e0be2265a249c94a016f548f0df884d0bff8e4a831951e07bdfe2d9982a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
90507341b953b3afc3b2775e16e95e7c

SHA1
e2de67cc4005242074238be60c6bb1d18f4b7261

SHA256
1e90e48781eaf4319def4281b99745a377d15ed353c9f46e33660cae25e57859

SHA512
1423e02660364203b05573785b8d72bd11a5382f94b4ff9882ee38e0a173a43f42047fb0113161f6bb12d4fc13d381c7d2a720d8fef3031b5f8cf6f338f0ac3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
53cf862fcdb608411140cb3927dcb60c

SHA1
f8f93f3a9a442274779cd3af6ac1f0adc5cfdb05

SHA256
ecb1f840ddedf2468905c54ccf8de2c2be1f56c9481f184fe629c19314f2c328

SHA512
aaf0d9938391d4acd6864044234cdd495a50f4c36e67533296562df4c101d1a0e2e84096a84dcfd67b136b62be5735041a7a60d1e8fbdb5bccfa6103085918b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
d37bd2169c247db3a67d6736d61d595d

SHA1
a65a73c57c89d7a3fe93474578e5e7cab69dfa80

SHA256
b75cb199e02d042c5494301cf848d06caf0380f91a3b76781305d24492436d03

SHA512
6e0b2d8512dd6a5f0cbf49bb233d034023d4e3ac4dc76bc2c82a1b55f70c57564207b94da0a3e795ddc9d8d91197bc46aca219350dee1cee5db978e029eb2eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e6728a221b9f6a8f97fdd686d1b153f3

SHA1
876ac034a6600a6f49e0dd0a0c6e6f182ad276c4

SHA256
c3ca9f4800acbe50ea4d92108e33c0ab7dfa398c6a8c7f4f2e92bddd6960b505

SHA512
406a6dd428d9d95b6c75a733cf360b7c241ea6698ea5b26737342a3a1a7e4cd5b23c45e3c0a9d643e1a9db1536f715fec4469cbe602049fa3cd3d526b0fa07a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ffbe0e41b59d1d42923c2e4d3f7ab2e8

SHA1
71b937cda2fc2e2c1b50c1610cf8d2c23cf0d661

SHA256
1d417cb124fe90df3bb7a8f09712c90c25e1fe3f32356fd47e1ba9f49a4e0d83

SHA512
09750fcb7686d52e3df837b9a6e0299d44a0ec6d2b84a0ff7b1d98d2b663df39f0cc5bd82aa0515728000d173a15cfb511392b18851ffc1cf992a6bf3fea054f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0c43447a573cc673c5ceffd26c899b24

SHA1
194f1178728c9ca1332b7ec1cf643768152d4575

SHA256
9210481402c623e94400e946c19b1b666197dd05b0645ee17bd4ed7ccdb3f5c0

SHA512
67f71e6df6ce7470c80345ed914165020219a42671a8adebb049b1e5eb16c86684ef9f5339575357e638d50f16403a6e3ce21fe141ca98b66408d277c36526be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
15d06f6c5a201a8782a287c4a15c502f

SHA1
acd6d65798374a9405697efdfd1e536a4af3f6ad

SHA256
1bfae798beecc27e4d4c14249458e4fe9105ae1e8efe50d9bdcd87352225ca82

SHA512
8f4e00f3c8c7a1415fd47f202cf09cacbc72ecf5fb2c39aa25891af677ab55cab1f08cc0b56a71a93a5ba177d9e01d588ec3bd67fca4cb30d8f9426df042357e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
caaf9b51932a1a64cc7dba8a3c16faba

SHA1
ac6584273b4070b676e4b1414820c2c4375a7f06

SHA256
1f1fa829e27063cf462f1838074f2802da49bd8237c0a1a956e13ba002753b14

SHA512
73e04778bb18398c25c298f118a332b2cda9326a23fa5c5388bb38f378295ce0d1d4944086f6bc3d96587e7be2e8046e1b8b9d048066d60309f62f469237eca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0d02ddaf2b3ad0b03e2e0a7348b0abad

SHA1
94dcea5eb12206b3a98822f2a20be97b778f77d3

SHA256
1b23a2d5a1824d7787c7a3027d57030e11909fa0f43e9dafaca3999b30fce07f

SHA512
017c248166d74c6961f3e43889b6df3d9d3c55f436b127b3d41452983f9d9ea142c08c0855be98dc09c68dc9c421bb12e156df3a655c462422344b2d5de4d689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b8e34dfef73ae73513ebbf861a43d437

SHA1
e364952dd07128718bee2497a76637cd1327b94f

SHA256
dba0e304597f912719fecd529fc822e41398eca0305d29a1ae4e988a3754cb66

SHA512
c15e748c7453c5e929efca7d47248eec110389032f23b6b4e88872098dc4e63051a87395d05ca6ed11d3210f2af1503fdac675e44d8e55be280f5350c8df5377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1c3b693fdd3bd420aba0cace2cf8a831

SHA1
e34de99d9d250c37327761e8c52cd1ca06abb2b6

SHA256
736c810d3e6c6c21755aca42a15f5906d45608886075ea73d1530b230851defc

SHA512
5233f0119950841522fe62c94997266b23c94e25753bcc2a4bd4f18c41210cdfead252ea1bc3520222f949e07843b58617589a4264a53a1b723c00e4c3ec47f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a8cd5bbbd459bc91e783770ff9b76bc9

SHA1
20d8736aba569566bd8242ac3889f523f7cb8e02

SHA256
15c40ed61e6cb8df49fba9f72cdae7ef068f364080d22bcd2ac0dd8c943dfb6a

SHA512
a917c748c9a1b8e42b50c434118bff7d76ab9779b8e62848db53b7f7bd18e8e3498e94ed1b6076db8d47a61d74a859a5d718a70b2ab7c8f462c007f2977b8ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3f323df6bf6a25f6aee8c03bbada4e1d

SHA1
536c2ff4f472c018ac3b7ce62d1ab67aa0eb0187

SHA256
fdb080245654e71b11a4bdba818bc4e12cfede6d06b2b3e15b722c853f884e30

SHA512
c3c2154329c6e3ea38a8a34e9d8f5f6a86d129898c9c9b2a09a2ab2e1ed856778207b48906280fb8f7f3eac80cb70d12cec1242caa4b1f16f501205cd3dbd5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
0d707c0cd4d3a0c2df032e3d0754699f

SHA1
125376ca946a4bd448a1f079a207de568f82b342

SHA256
7c4029188bd83e72bfc80c7e61b54f93e9290f7818db34166a58574e2c058be4

SHA512
9d2169a1ca88687e2ae400924aac0ff7a773ef9af849aea0b3f51289dbe4e42513125cc42074c085e6f0a6b73f81a6f40fadaa78f12691e02ccba1268860cc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
3058e06d64dc53ad79a3ab76a8e40fba

SHA1
9349b0bf6972f2d868b446fe315e0747539558b7

SHA256
2dbeae2303030d0bd5e924164647423b653185d68d76190fb0c627a70ed944d5

SHA512
c9a48df1af0480d190d4e6114efe022041f7b5890c48d50d3ac5947730bd701a582f334da8bdd5b2c49c3f3ff8f21f7e84d53978bbaaf32e7af7ed38bd92deb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
07c4686907e62ba847f0ba0fd99e2c0f

SHA1
023efcb91422f16ee5495535af8392d7447a38ae

SHA256
c27db8211a1ca30676acbbd0244ec4a0959df9c89f0bf8abb166eae9e9fbc3c3

SHA512
0be073f1231d4927c9866e9bc86ea42478d6f67e7f1dabfcb7bf0d21121e61d9e52637576edc4088e5ed5d32fe5203be0df84aca5addcd58f2a106fe9575418d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
21df0f55ceb327fb8b9aae34c670e616

SHA1
e8111b7a1b2f0de132cd813ea498834949f20e4d

SHA256
17882e1f31347bd34b6ab99c55ed9e95da57ee05edc6e4db1f404dd29c34ef45

SHA512
1ffdce65a78b7fbdf1816d7617ae78725d07a839c5ecb5f26403fb21ad11547f476695db3dde5e0e0e38aa76f35a6be3ced971171c37c5340b1795a40df5f084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5232021695e5b2572cdae6d923f0bca7

SHA1
4dacfd4bd24a521ba8fb61c79aba8a758039b876

SHA256
a5f93f1158b2ee9729e315600f6a45ca75cc944f692dc7ae5e0fe9b83dc104ad

SHA512
281f5b6271a4e042deb659412c38f4819c28ed1448eb8c9797f9e73c14a683b29700cf76946326e49174e0e2cbac4eca09e1a2846366f8413f2b39527c308258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f50ac002b7ece1ade7a3ff03fc70cca3

SHA1
c6e5cd2f9466ac6194b023ae46b808b7f40b3e1f

SHA256
203d930a74ae6e4133830ce4a09b97c6b3387cda967d706219c5ae99cd76dff5

SHA512
545f672e1f84fc9110492ce0535f4fa9b7b1668555e1d0203ba70dede4726e3968b3f95c930e719a5b3ede102a51fb7f2acc8386c6e1751bde90a13abb77e1b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
4b89027f7876fa8f29ee87f0edefca12

SHA1
7e37966e5f5d1a9a14575493a946522e97e64002

SHA256
c123dd4c9b9f6291ad71a6c1541ab4de786daa68585f88a431a9d3cc8d93030f

SHA512
1774bba517939fa4dfbf801ced55978e6427d3ed629e34144d1ea4928557e0ad72c84bfcdf6859266fc67315b44270d2d4b9e7537605ae09c202c81561c0eae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3e614127fcae96e383bf8d4d67c3e849

SHA1
d98f83384e5f9ebdd63b39ed145aeff7ad4f425b

SHA256
aef0a65b3f745deff36a7283ec50a04538e9d1defefb98fb553b7eda670f292a

SHA512
7f8cd8a808b13432d058ef28ac44b2e9e1a1c99240d1c9ada35aedb1d0f5f7bbe2ff76006f11563134ac8c378e1644fc58d86ddae06fd082c7746c139cb7306d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ba4faef0c3a9b9f875f4661ad8e58e0

SHA1
8ba7988d350469605af217a971a093d01789d4c6

SHA256
293886113afff701bd719a4c945a33a10248e22de2384b789e364da13bb3eec2

SHA512
92fde1156c449868e072459f158697018e910aee02c41cc8aff7b2377fcd239d1bf811994035d498254dd96902664f8a530be0324acc95fdd505d546ec1eb37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
81f0020bb489755ca95efb0beeeb9759

SHA1
ae166a1df1a84ad4b291afcdd4d871d3c6c374d3

SHA256
874d388eb3cd82c669a0e19374a9863e69cac888f519ccfb42aa44c059318088

SHA512
7143f345972f39e16ef8929324ea42552657633d80dd6fd79c873cf7a1e0e56d8fda4721bfcd622e1c878d06918eea88d51ef58a6b39ef79f913e24765f4f621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8126bc0b68a83d66c371acf2f6097e54

SHA1
cde496c4d7767760f44710c5005d3fa9eb9e652b

SHA256
fb4fc3396daa20c60281b803bd2329fc6d740764823837fde77e21430d6f612c

SHA512
dbd2e49b1ffc49faf22a3d4d698bda9954afa63290bd0f843901d04a77aeb5ffa586cadb92f03e85e1dab40203cdebb39f8e633337985574e6189d3ab8a8b7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
806e4aee27552941908c5ef33a6fd8c2

SHA1
e4ecac7176eaaf4cf5338601f011a67ef604f58b

SHA256
b5df570c850c796b88262deb4cb6924e44f568192dd310349bb4c569c590d689

SHA512
95bb53c30b24e245ea4980428991b49da82b44e6805490b6ec0396948fe28c0e31c06ca923795ab29cf4ba88ba5f9c05444aeac0c2910824729119c946367d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3409ec316759162c88a0bc8e7fb30108

SHA1
1f5530401ccac5340fa76885b7a404701b83532e

SHA256
30b4e0038e56d9b977db7f13a10ad8367345b9fd9d570eb936ca3aebd29fe3e8

SHA512
1d2a6dd6825419435ef8cd44509595cc4b650b105d49c22eaca2805ed94ed3aab36f2f3484e450421d685954d5b68cf356e498d9a61bc2bc1ca1b4416ec9de37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9cadae1fde893b894a49104f1d9fb578

SHA1
65bf5a474c77dd708d9329150555b6c314589c6e

SHA256
47a3ac4819f5282e4f69d6924f1c1e065a1e5cf87b4daff70cb5bcdaab2a8994

SHA512
317cfddfeb58181d3a76528c9eb79283c248e3a00c3b1b055a3077db25307c5196de1a64d7f405990ccfd0b5305431b6861c67b3932d626c899d19d42cc1eb46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
118b6fb94c2d5902c65244209ba3d3d9

SHA1
48699b63293b2a3b1ff8f716047309312079ad64

SHA256
53defc4c24e3c243c94249c48c3756173706712dfe424f2da1b97dd575b9545a

SHA512
662c2ff56b581e64270e67a392723f99dcdaed31c720de7008cb74669a03f6a8522568c744d2517a666af7f36281571fd8f40c703fca1e4c67bed2147627c07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b1d1fe628c7e5ba6b6c34a53290311d

SHA1
bdd81b9ac0dbb3f105057366e1f0ddd16820f12c

SHA256
09acacfd600193a6c2be1c6d983892ddf1406b1022ff1b85cc110b95664a4180

SHA512
485d14f8e20b697b93458b2c9ceaaac2f1f31991ec93a19a464134e306962bbd223909e0c359000cdabe03e4fc06c23a80f09081387b31abfda426d47a6c44cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1712f17517ee2db0feae763b38c58934

SHA1
c5469813b6bb4e30023d9939c4c7ee434621ed9b

SHA256
09a237920835bc10d9b0eae01d53f3e39d997425fb4868f984a48e9c5f14bf4a

SHA512
a2c8859998c9c7184eecfdac34848189f546bbf3f403c32f631dc489415f7927915cd50fc47c5a1a8094b6f7d6ca841af76044561e4d5aed7a0659d71712e2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5b8d778339bbac8bdd2aed762e46101e

SHA1
cfc0bd91ab52e1f1b553d06295bebb9db72a8fd7

SHA256
a581063946d0d015a80ef772163b2cdfaacd909c8f831e932c1c6cd847800d51

SHA512
c3745aab9f98e9effc1a44df21ba445662b98b6e383800484e099dd2d106773724f66ecc248f3f88668836fb0ce7e4a45cef4867b90bcef8f8fd792a7f3c04cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
25e5af3177dc7cf1c0d2803b64b68c73

SHA1
e8ad69ebdeb3547784b48bef68dc25abc1e72c7b

SHA256
6e243691756151de89b5747b21b0d46bbc87a47d8dd5ecf165e0ff5a5ae00202

SHA512
15cfc30522c4892b71022699f7f277ee032cfe31a73e83ca0981d9794b6e164a68e105bdbdb5e2b1b210a5dc1789a05aac913b71ae54e21fbfde4c1db741a86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3c22a9b9135a4197a2c48df4eb7fcf54

SHA1
0189c4910fb3d1460ae2f8a2898de6395f43059e

SHA256
815f3dc882f0a01a4c0f79b65d81107153342224e0c46676eb17cd3a4e5aa315

SHA512
370b9c912c2e7980d43c13705f6fd2a4d615fb015457055ba77daf078fe0ba66ed7dca5064439b4338539eef8e9cde3b45307cfe7851c83f818510f351368af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
ff4ffe8ae9e816640c4c34064b86aa66

SHA1
eb6ce020d669cdb7686b9b44ebd5317a2f36cfb3

SHA256
525c43b6b35e5dddd04bd1cfd3cbbb0260e7f35ae658700420164ec0d6772e54

SHA512
28ad67a3095852e8d01e3c5965694f2f6966fd54897fa3d97217dbf09d44f386207dd92bae949546046663dd91a996823a14ad6cbba9067950bbcc136bce10d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c3b5085c78ef3a09fab597c1f9164f64

SHA1
1153acb9805d4a6ec8393662c94c1cb4f80aa77d

SHA256
eb757654fd0ba7ca74191229c7621f41bbbd5999c563a38126c9de7ce80ae28b

SHA512
f02253e69ecb95f4c35fa618d452d6daaa582f5a1329d82aedb78e25750b2ad2733fdb17264cfdd0b0a3d563f5783cec8b6c5ebc5e939a4d36c97a659e1d4778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
abd74c66339361072f10ad74729eb64f

SHA1
2f89549fdeb3efc8fdf91ab439850f64131d863f

SHA256
5b2b82659563846b51c4989ec9a86fead0a41a2ceac6a454b9e803b7e0df7112

SHA512
36b50689b526cfff29f0694736e201cde49ff59f25afd87dd5178c7718930e1f6387a34bf67a935cf835459233eb0ec90757941b7305837a587c4cab251a902e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
3c02ffe3f75d755070f38ce93746fc1e

SHA1
274dc0040552f3b2fa7db92fae30646939fd4582

SHA256
5196f9da36fbf21783766500fede37aeca1da6aff4747fcb5f53cdcf332ec47d

SHA512
ff27702791c40fad0b8bc87764ad25091e953c6bba9445e8b3f282db5d2797d86c54582136451a2bc534b952d0c21a42256ede39c424951baf166c753e57a049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4bed9645af6a5f292cf774f69818792a

SHA1
3f94b95399debe52e30dcb6a84c81a5486954f2d

SHA256
2938974916e82139c1dceb8cc76a2d7bdbaafcfb16c9df568224a9eb6b2bc48b

SHA512
9f1860c20fc41d56aac2bacbb2980b074fe411cdf349d675152d908ea1f7a368105b52be2882e5e178e5f38d96f664eb0a7b0b679722d3fbb25fd12f9a2c5fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
03d0c9c135a5e563b47927aee6ab6ef6

SHA1
58a4cd80f477854edffa5f80c891e44d3fff768e

SHA256
bc8e94302128afa9d07ccf9fe010a5d9909833ae7da5d33673870d3c00c9438a

SHA512
0a1a506c0f660e9272a9b7a1f168625356b97ec467081ace9cc52d6523116dd3aa768029d67eb81027bf721547e9e28a643fe5ab8a11db443c50323a784d7b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f6e9fd2d8f2511a26475cc683021c890

SHA1
486b38798bd9200991f739c90fb4a85243f35425

SHA256
891bc4f91a8c68ae4542f22673f6e757fb1c64a88b8510ccc01430d4ef461093

SHA512
7652dd0e3c718790bcb0b087e08a565a65e792fcbe4304cbbcab2038b7ff5b6647ee9d4268b6caa1ae8e0d8d550bda59490c58aabb757326a4beee1889f0ca84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ddc76ccf5763ec986402dd35f30f0b9c

SHA1
49b5f09925e3d1a147c56a5cfd8a5c07d3e2e9de

SHA256
a8bb0fe003fd1e571037b70efc7ff6b1bb2ac289e2706b2ee73ecaea2007da7d

SHA512
d4e4f01fb5efa4c03cce674687fa8fb0ed6a0699e5a581c31825d142c47f79e5a47582b0de182136b18e14cd1b86efb32abb5143618c608f408d69014d8b95fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
18f50ac5acdb84144f1bf39c6564c8d2

SHA1
d068d4ad65a028934661aa9f6d169d73179a2b41

SHA256
63a728fae7e14fa06c5fed87a0afd6e1137a5d2175cf344e3d72018418113a84

SHA512
81b0917a3ba71d1704739569156179e28e886559f55f457aa5b1f0129e47c628b2d4d3075c4fa5cf5f21f33b87d95b299103604257772fc2c1220511666bcd05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b9d40a282451447762b203061e8ce878

SHA1
a72c3beea508b76c0e59ac1f3e813022ddb55df5

SHA256
172265f10d6fe8ab92393039c2296a3a19b6259b0e0792f6b2de458684ba0dad

SHA512
342ab47634a28002b6a523fba36259665ab2472a468d61f7b29047cf13172d334b6d75e44d40d56f65e4cdec82395696b501432a6c6d0034d19857c92e2f5236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
07db97de58e313f2d89dde397890d219

SHA1
746a90f1d603501837ff4b6b0073fe500fcb85ed

SHA256
1b34e94dac8318cd945f684cd9bf1446796acf1671fe3c08b8a02e3277d1f1b2

SHA512
97c11b81f4dff53968db8424d5add702a7efff3e57731ecb6b08750a2628f3e86d90f95b8137cf64449a9d7303795d39b1b21dc4e2cded9d02255e34340cfe9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
97530600f1e13f8e52360b7bdcb0b440

SHA1
329552a0c414b3d39d33444b5330623db95e752b

SHA256
6ae4c42e5bb72ffa4bc5867b1f10b1bf957bb875fad6706757306d033be9afde

SHA512
fc54edf4184de8c78584b34613aa4421d7c7f6ecd427c05670b05963e59a87c7aec6da9e79c0e6d251e1d6c7c4eb8fbae3d9273df427c5672ffcc202a1f6203f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e569fac82966691820ca694721e96a97

SHA1
18637c53add09117b9e89c0ed573dc1a1e6cae75

SHA256
8cd87ccb07931ac0afba9d0674d02797295374f0f1901c7217ea4e71593be4c6

SHA512
517a9de61f8090deb48da78056e020e27188e3400e66d2e783c597d2461bf3978a9a4ffdf3a440bf6d3834e9dc88270525f8a536353fdf9159d23c88a9f61267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
9d9d8f356b39911d348765865ee156fe

SHA1
106ad785ec24cf7fcab01621bafa3e30c1f5ac70

SHA256
a5679b1f13e0588291aa836e5867a4542c013c8b896813fde365547272ed9c9b

SHA512
f9ade8d6517c25fba2af13eddae9d30f345a47d54c83af0f8d746dd418ece49ad07d1b00806789eb0080491cdaccd62ab1980d4660d76144576b090958ff2aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
0023bc6115ab999afa91cbc629c778c2

SHA1
35ee89695a6806d70b938ae14e4bf5d699194ace

SHA256
99d9bb0043219ac8593e98138d2874531bf1ceced9ead370b9fda15449917a8a

SHA512
6f7883331528d00416c7e5d4274601f82b131382dc550f1cfe7157beb6d00a962d7f246fb43b7e019a1f15f4efc65caf35b73619dc05ea922d41a917e3315133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a2789b16c602d9dc0651859bc88ff4bb

SHA1
146b9e626c107cef5848a21ad5e79bc3ab19b030

SHA256
952e4fb5cea957aef3e4d34d5afec5eac6eb4187bf4937bcfbb9dde0aa791dfd

SHA512
459e0101471f1f05ec53d6ce4a51bf72a12bc4f964a2bccea7eaef89890ad9a0b0acdaa2c1c3ced1207ba703670212b45461824e5427a596173f809096689b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
93e0e381f577ff9b3ff3033dd07f24fc

SHA1
a87018c8fd4f708d6be3f700389ed5433b4ddd3d

SHA256
7d666acca4b8e4d2d308c66ee88d39b1415ac479a598ba1f79e3e954736f277e

SHA512
039c5e71c0ed231c4506ef06c12a18a53e3c75a5b1e6fbfa5a1c309ff33db1ac5f2633969918f522d16d68cd8b60aef935b6e0cd2ea11b5b08ce2c21fa11d022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
65378b3eb12f7cbfb8aa9e24b0860045

SHA1
0363263189c16f6b41b547cb73cb1799c4ac51c2

SHA256
da5c4edec30de55e171687d3d55b9d09dff200be5b4c372d140a71389b87db32

SHA512
fc6499c3af27051db5b863d0d655778398082d23753f0a64b87fef440429beb078149b0c7029526f29db1490ed27000dece54036a075de5019385d9844294dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
832d2c915f9178630dd7c827e25b940a

SHA1
2effc74ef8cafac338a74a9e12b838147827a4f5

SHA256
845624b1dddbe8911224b5076e17bcb6f684634e904bde291fd77510b42750d7

SHA512
d0730808db5247b3a76ff9cd72cd4d1d3b875eaaeab8d8edd7c2812db1b3691ce88ef330eabab32626e2e2440c75dd3a96e062b08ff770687ad1811361605315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d5dc980709a06ee8362cf9ed5cb258f8

SHA1
2ff05ca71f3bc6b55449b0cb4e784eacb0fd7668

SHA256
9fe3a53fcbbf0c4845d4f4409e93718d249fa1279af4700cf39e1701fa17276a

SHA512
77b023f7375b82ad26b3b5534b62f8ec221cdcfe933a99e402155deaddd41fb23a4821dfa8ad75bcca67fa8e120bbc30c4a8fa8f2598602aadebc08bc9174d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
537dc2f0318140dbd72940ee0eac2eaa

SHA1
c40bd1ce6ba0f1af3c0d8386fbd710017ccdd7c6

SHA256
caa4aef4ca650f562767ea5466873fabcf00756b57492440f8d634def0c4ddf7

SHA512
3c13c9bc71edcae0ad83ea8318cb4458e5f315850e915dca92a75df8bd4a6d67b0bec5d0d2f20d5698e337b2de6765e13018771835922635f2c5ba8aab523081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
00438dcd709ae64651fff4ebc68ece98

SHA1
4d4974b9b77995931205e0a0b792bd68f152713c

SHA256
e5ab03c3c1653d636cff8c6a5d9b54b1e728c3e62401c2313fbac566fc5826ce

SHA512
5a2d88474cc87b9882149102f678fa7f96cfb4236071d64f5604633383dc90fcbe4554c766e6791582bf56d1b14380278f85a1d2c666e927753345699b16b67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
559f95e590ca4bed38685663a4ff3100

SHA1
801c20baf9eee68f48a14f680e4d3941b4671e86

SHA256
c2eecbce25c91cc486207123c8bffaaf5fcd34c28af26ad569deb049233652ea

SHA512
dd81b8b1b11905e5d5e40f1c99aa4ece857dd0f11e33a77a49b97cf5d61538175e2cffd0a9d4bde71ffd0294dc5ce0881cff1f7caa453e1f134784ed41494bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e2dd916eb63059f714eb629a8db90f33

SHA1
f460e59a91a6844ab8bdcdde7d99e7801213ba7c

SHA256
fadba0b76135bd1793add259efca470bb1c61b36e6f342bd5fc462a213f5b7db

SHA512
fa57be3a02632be8e18d4455839a74c60437a8dee2c417c5c1ccb06c148881e73ee673bf06fca840219d95ae16c370588f213b9438151f50f431433d68a24497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e84b0748d5e62b38875544a2024a8550

SHA1
114ae430ffdd8a7e58835fae937288df09671440

SHA256
7b842e65cd590bd2e93d63c956758671285455f50ca8997a314a53d434a680e5

SHA512
602a61d291d0c11a362e733c572345493bfd5694fad1dca3512318d2a597a48aa9119b8b736faadd4d029f2bfa12144dfdd21d9565a209986df643d712b4b9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4233fe9be2e85d20fa4190be97e70711

SHA1
61f55d9f59027f0d0f8cfe64d5685cc98c1f5463

SHA256
b746ae25fb84749a4eb0266332c4dbea14f652de25a60a01c7d887e0f51de050

SHA512
b12d8a542c63c9dc7b4846d30ecb1d57ce28e8ec0c0cdf1dc3e27a154412c912e067907fba0ed8d02d011e57cfcac14f53f078e7b8e8541260664250449c0675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fe08c88c9696329d3f6af9c2697fb5b2

SHA1
4fd3faf501de59dde8a5c73ea7c16f0eac775fa2

SHA256
146bab982191e7a8f85a97d3ff0d7144b5586f50093df1396ff031877488ac11

SHA512
551698217ef67f7e6202bdd73aa2f0cf009d1767206a17a3dc6ceb1077878752d045eaf8bbd5dbf201329d02d52616f5e0e4fed150f0df7b398fad2a270a1b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a848a545a8b68663e733f4f2ab4b3f05

SHA1
b31daaefcf1c5c5f6a928f1ae915cb81cd5e44ba

SHA256
5b80501613439f9fa5b48e2e296901bb7165a292468d7eb1ed3445b82331af0e

SHA512
db854175ceb93c85d3cece90600924714903e08c32df19a666954d3397261c6cbed050b9f247022eb7f25c25f60e67809b6c9004326849113c3a9a705d4b6f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e19bb5279ae033660fa5ca9ef2e057f1

SHA1
e5d04d0518d57cc5ce8332a012786792a1815054

SHA256
95478b81999e5c399b47a38a51595527722cb6614623f76ad625b799e770985e

SHA512
47d3170eaf449e0e24865e26d4422635d8932bba70b409ad5fff8a377aab4962caf2c531b15e224cfa7bbbdb893a4315fe90700c8c8db7a09a9a3652af7eebeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bc2f1be934f947f46af6af39ca70a506

SHA1
3be6a1b33c0a76e9e295f7c415e2357cbfba789d

SHA256
a00eceeb9b630069720ca928e338a5528f9b8ecc25c5f6c1f7d483b4fbc489b6

SHA512
02e6b9387e32bc9d75a91f41df9cfd0dacdf995e29b4cae1f30393758c161a9108afd4d59eab323b9b6459bb7383721681b487381e96041f38baa500f8110e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4581b0db866284b8b462d40722708942

SHA1
21c133514f266491fc2ad735636db01ec6782f10

SHA256
69cc4a71f69af651063ab2b01e654f6112dabcb9dfbedd1dce53a330923b0f03

SHA512
04953a567345351b538895acfecf3fe8eee4d4dbafc7bb6602b016a6c770939402032530f67dde87c862eebd4eec18dc66b738bd1e1d776dab26c4177923641b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7cf6a9dd3caba1237be879c539c71c78

SHA1
bb7adb3af5c5f6387881d531815b43f610f29936

SHA256
9fe15db85878f7d60509f1dd5ae76ce65a906c18d2502f64f767bb5c13fec878

SHA512
225f2b80ca335bd4ddd046b06c3ba20b6066bee8dda71f5614fac11c1b3ba2be31e5b1cddabb2835faa097d0e15ff3ecfe75ff6b0b2a6246f453784ab9241a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
941ea4c983b3cf877ce6e1aab38f2794

SHA1
c4fcce581d0660a0c96d0579aedb528a8168233c

SHA256
3d4479f291d239eec609801437c1962e41e19c53a3eadd2f95342167fa7ad342

SHA512
f47836cc619ea50f24d3804a697bb562781e812a65285959d7dbce53db8945cbbab2f9b8290ba2bd9925f620858918ddc676c082cdadae8444a9751d642a381b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
dee81ac30276b6b48e826163d7f2d699

SHA1
f9184e860f5ae127746cdaee6912a16d4722d81d

SHA256
70a5f410aef83886b105814dd7b7b0991c676aaac3cf2023b9fa8f59bd8424bf

SHA512
511e59dc2a9d69052e7247f112dac817c2538066c5b0c0c1634dac1705b6db7e9fffb918947c3fe4281bef407de4becf07e55de12694ee0ab5e55aca43b7b806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
9e35cb389d801f6b0ff80f5aaab12add

SHA1
5e28d4d0e010ef6ffd3832f76be2668021443dea

SHA256
1d1112eb776039caabf38be7a043715ee66ba622342cc7480b10d2dd0c027d76

SHA512
3e476ac3f5c9e2af35ebbba21bd23e295f1292e4daf8518709aebef3fc736b71990b66e9a14799ac3d7edece8cbc85f34a95d2a0e38d5692336b579257ef6317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13371040541051948

Filesize
40KB

MD5
eb7d88756dca2eba89ab9460fe833924

SHA1
143665657897880a4f3d42f7b4b8825d229c3e59

SHA256
a6ebe5d6de4934dc27c09584b25f62691461c667469aa69e26d546ef39b22eca

SHA512
bf298cfa453a729edeea09074cf4f54a9b3e9e3f6444dacde67d9430c7e42be5e5e9a6976823fe9b37eddd5bc3eb2ab03285b937493e8c024f6efa9ad701c1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13371040794985509

Filesize
48KB

MD5
157387308d196c4283ebbd579cd89aee

SHA1
c44d5673c471d0aedbfd2ba43483b1d374793594

SHA256
ddf1166139d6269651515e4b36471f35d5aa59a9dfb9c4cb400a95c6f634681a

SHA512
778bb0f3674ad638b05959722571978763c1dfbdb9b44350f100c4a671cbd808fb47d65897e9b7e2e78c2553f056075621e5f59ae23462618190997dec01c8a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
f42bc58a6dc33df13724ec2825877b58

SHA1
2210c70927ae4d4fe7abe51f445f103e512be439

SHA256
c977c0b9a2d60886c3fd19977a4dbe3e9d44ccb68d825f551f860f186f3e4f3b

SHA512
1f51d723bcad08e9d94b8eaa01826479006ca3f47a8b1c3fb9601230a54d8fc3a84029b1a63abe5f8e8a3623b284a849531cc2bc4c8a7f458839d8a7eb984acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3bf562e325bcda5095e66ee3313d9236

SHA1
5ca6a98db9afb4b5def2df9a9483b401c1dedd42

SHA256
906a5af9b3150e789e2c30b787c80de677964eb5521c80672ed0c5e238e589d1

SHA512
b8eea6fee8f76bc58d3b953f2733a8c9a3617d5f780a585085ff4c8e4dbfc5c5be5a22a1ecbbe0a9869747a017a8489afe395521aa8711381dfc589c5c7a6858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
2560a062f4390b73df56ab08f0c4e0aa

SHA1
0f0b3b14267d1976966a16f77b91f308646e9849

SHA256
852da16934644ee9f23417da08cd0309ba910018aa18d21715e7a3ea007fad90

SHA512
bf5c56e3a36941fde3da83bb7af42e6dd645d6ec4cd1ee49a691f3de9431ffbd6c2302cfc735deeab0510b988eab536eb491ded8027d2089809389b73a6f2815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b9c1eb275383c71e094592e01c03c5c5

SHA1
dceebb45f332508ecf6b000a9eb5239dfc3e7f9a

SHA256
f839412748009ef14de399350fb2af8a6b7d9930320ba9bd5cc310f54e106601

SHA512
b0b642859d6751ecb5acf9618d8dad8a3d068c321ebd5c7eb968eaed7cd6ca1ded4fa47d4caceb4da1446e9559f4923f96b2db59bfe70a4b48501f486a911a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3df29ccade9e41e0d26c265d6f4a4a7d

SHA1
62139208ab699e16787e580af8463a92b93f3bcb

SHA256
5b4a970590dc4badcce100dde8f975ed13c74d8033f2dbd56e8982b5adf28bf9

SHA512
2567b620d8aeb936badac8a35e437ea06c228d936e4669231a1632cd9eec23f295a17d8e78d94712bd157994cec04616e6e4c5f7dac3229f15e674d189ea52e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
00bb94b6ea993bb95e7d6314b5f2b1a1

SHA1
22b199af9c81b5f5afe5bf84e233962d86565c76

SHA256
06cfdac35d92f95655fd2b0d85c264ea9adaa6d72769271a2096332351af79fc

SHA512
dd319df07252f13bb4ac9a7997e4373e2bfc05192c0d535ed1c3775174a52eeaf873420f3e0178850487808bd06040e65e864918a1e618899886c96099e5bc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c7dd2f56b502b13b2917fe524599645b

SHA1
57c358c56d72a6fef724930addf36241071711e3

SHA256
9803850bec01f04936b005d25662a09c41982e37b9f17af30402a76f08546f82

SHA512
74794d3f4c988824bdc8e9ecec68d529a218b0bc7a3ebaf1fd0ffe80f959e0455767dae78c014a5be1504f684f5137435da39db2d4e0f6ddf2bd535746d39cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
129a98ad623f856236273026f1606591

SHA1
f563fed8b6098c556a78c451aa7fcb904cb4f510

SHA256
ffe308c42eaf670345be7bad646aaa3636a6114e3f8bf0fb269922a157503186

SHA512
a7960e9030dab721902a08d851f1c149f66c425e7c12f4c57e6331fe0647af77eec2f05a6e0bf1ee6fe6001beb90942c97fe82bddfe525a153ebd075463ad7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4d0dbb9dab5fc2ecbf5b851a141e03d4

SHA1
704da0b83c18032e3f2a9869b52ecdf8d2de0e06

SHA256
281af2417a622f37d4a476ef3befba240fb72f194e8dd4835b34f0322c00df5a

SHA512
e9d7731389f57289e2a7862e4abec18f7e0499b0c6c8a1cff7e3088a2a97958ca7dc90c80cbd5a26da978e480bc5bc675f9f9f9abbfe10058ff542af22989060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a04d.TMP

Filesize
1KB

MD5
403fa62fb304a4cbe8ae5727a62411e1

SHA1
064572008d005a5dbaa8c2f8af6c92822264a498

SHA256
4d2ce825f3a7deb34aff93d7e15184eee7b23cb97f6871f8cd671f319829549f

SHA512
1db42b867c5eda128e3cf188d20ff886b5cbaac62f4cfdc6984f1de1b6020baf983d56a3c7f66bbdb8238253e84cc2734503e56d9bafd260e9161d707174e388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
8c68960978baac80902617b274ec9b28

SHA1
1c68eda8133221332535d50e428607e298d3d375

SHA256
ccf052109f03164e52d72e012ad1aa673bc19d9dc518b0bfffaaa72070e0cc2a

SHA512
c2dad2aa44a8c170a6cb8d4136722ef8497e211d469683f39fe3674ab7e03a810130834875b24f3559551559a46d2ff28f428ca7e643cc206460b025e07b8ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
a0e6330f78ad2a55baae9ebccd580800

SHA1
da8bc5d2d85844349b1da6bbd59f0c9817fbb749

SHA256
ca2175b44778d5d51482712ef0ef886b7fb527b4a8d482d722364cc348f3a3b9

SHA512
5c9bf23294fb799838ae5a0306e533fa5a4151017c921a39b79a1cdf9a42517de1c34b89124b39e149bfbfacba7a7c65e738df744f09035819fa6cb2f6114dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6671db8c02f3c234bc5b756619a0ed77

SHA1
ff451a14cdd61df48cce4448f118377af77da143

SHA256
f7858098c26ef2a143b0e7cafbc03040c3c1c3185f446517108a7bdd2a6d9c4d

SHA512
1c6182196ec6086d5316c741f974e6ec4efcedc3eb835ade8df2762d2ff245f055c05ed95e06fea3e04fe3a08e9582846cf2588c31fd69fc4978440039604ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
16147da23dcf6b5a50a88c337f9cb424

SHA1
569ecb632bc204c8757c79e76997b0534014227d

SHA256
6f55d3e66775c51c4a04781226c023846c6de7ce6080ba7ec447606ce6fd3f60

SHA512
a791706f09b8ccd5152e341950b2208f854f3f3bea4d54d533d2ae06bb97cc6745f07e8685a08c719b0be792ee423f1234ff5f394e0d9573be76caddb097b4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
77b05eb9c9f72af0e7e6ab42a4087452

SHA1
a500545f3d0e0514195f32770aa40418b480dd4b

SHA256
2f3e3222912aa215869ebfd6e789abd39577e0ceede38a75cdd9be61fde62851

SHA512
b2f2d6d078d1a46659a65c9f084ceb4f2577da6d1083784a404db3a6fe2701013bf1956a32ab9b74b46e8ec87bcc256d3126a6133401f3fb9c48c0e55eb4e40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6f28efeb8f546eca2289e574675c0ea8

SHA1
e11b1a8fda56a86e25467cbd09fe1e7ab36dbb09

SHA256
b6d9e7ba303e721938c71994f8cd83d412bd565d3672ddad543f54e5af089155

SHA512
bfefda87c516c3d07b9a7cc6ffa37a4560e0f6f94bb63a622a1dee1b07cb2c56f4b66a63e493ebd0af7241cc51cd885fe6d67b3c73c7136a6e85fcf031b90b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09f782bded073129325d9f6f6515c955

SHA1
0cb1172104dbc38e2b66e72c06e5f7630d373a7e

SHA256
ce6eaa5c76b5decc89f561f8851a75804ec673b2716b99adcf2543bd29b83056

SHA512
72f53f2fea7d6532d3e3206548c74563d6a83e28f1f4ee1d9528cd4d5a683b08235ba96a3717037f11953fd63f61100eac4bef4c3526bc07e9c79f6b84733129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
057fcf23a4f7c4c15d083a97df1835eb

SHA1
72c4ddeca11e3668e1fc1e2a9a93be65441b38b8

SHA256
37915a1b9f00e21470526a4734b8ef2336fee22e83d79743d3d62377aa03d3be

SHA512
0c75aea64b9a04d40f3dceef36efcc361043e2fe84292035ed883a267c9426f43b28c4dc1c025ce07be452600ffd42e7b4e4acb6ee8ee7328271028329055930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c2216ba534cce7b2c1e8aee99f5dc1f

SHA1
22a829956f0be3509383090c15a4453f65195e24

SHA256
cabb6962b175df0db02ca954afba0534e935721b8c3dda71ee08baa994fa8758

SHA512
82940840f0f807bc6336c7b0f89371f6d021f8277afddf9fb7460cd628794070276b67790fa651a56cb860362055782952a67b5531069d93ed13a3da6f47b5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9c4c5adacc3c430629fe4ebed48834d

SHA1
1970d469548c0217fbc4948f50918f4000447dfd

SHA256
faeba9883e5d958a654153541336459b708dc0bcf834a72a9f2b40f9ad237054

SHA512
d7f6304b0fd52740d089ec07f6fb30fc7e7af012e3ccf87ad300b23fad69920d30895f6fe28ea2d79b7c8ddfb1893af21738132c94d975bc2f077e08cf959e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
023c72c932b8806621f0f613feba8979

SHA1
67bd59591fe394567310b9efe94d81da42e1657c

SHA256
e9c9bce7eee54ccd0823fae5d6113035d43ef1fd743703543f7a47aafdb8e40e

SHA512
8b8dc19a897913a4bba1d2081e6b2642cecbb9337505fedbd7540f1c1f24ac98c82e7665e4e01e3905ba2320f4c9dbb374bb1932599ac5eb32e0501da43afdc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38e130bc78b5bb2f40a4ee3dfac892b7

SHA1
e5c59fa7a25cd314858b34dbb37e97fe9a6b44e0

SHA256
8d420b260728a2218ac5e8f5ae369f9658f15a62a15ef59e011f761b8673ae66

SHA512
306410a1aae2ae75208597e735c1cbc8f41d96cb4cebde6c3494ef634e3f42fd2a865284c1856d13b9b68658fa5ef30e75c50be3169f4a0c8cc17b1d9728d94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89742644f9dbec187d4af0a4059b36c7

SHA1
f692836fff1578923fea71add3f3606cf5a573b0

SHA256
04e8ea4aefb348b706095650bd112b73771c7825b591f425b405aee1a255da75

SHA512
2ad1dff8abf1e01c679873d81ee9f67f88ef685a9ef07c3d15e3fd8c88f9e22ddbd7b78e342a2f27de9bc8a14ffc475a4358b4f6a2665fdf23caffce535393eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b06ddfd953e2d5f4e238c39e5ee99b8

SHA1
f23c0330c623a8cc93de6f3822c94c03891e06a7

SHA256
c15cc0126336e33238631c5321c92df0dd73b545297bf8498696330739d0796b

SHA512
bd80ea9f933299c19584b55d545aa175c91dbd2d4c22918f80207b51884ad51d6ad10ad98f8168e0f526d7e0052ad1aa2afa238f147efc3e9cd8d93feea732c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af51c2491b65a9223fd9c4096b061d96

SHA1
abe78f5628c806cc658a8981218f98464bc9cd72

SHA256
486f14b43baf37468f845cf0fec92e8e66619d54461917992ee0b12676432358

SHA512
3f241a7431a88bd1763901e91ea0e9e96380c6206571132ed7b6ec9198646168dd577aee021118837a0e6cf9973f43ff4f8fc2d93e9e927e1eabcba31e92407c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3758539d1b8808b2a0bf288700e8422e

SHA1
c3a55738ab32d821224a6f5c9176a0d2345b08ab

SHA256
0cfc14010a2a8ef6c2ef021777442400a2859b0322086d7d8b3db4ac22bec09b

SHA512
242632a9555bdfe9a3b105843cda7a5fb4479f70b51b619932727a2a2da4910dca4268a8ccd7e1250ec0dd7037f272094bc60c0e654fc4c0834ebfb57c0014de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5e8f2d56f73c776ff496123b3853de8

SHA1
ab410cb46c0704a7df76ad132cf2474c21ad9ebc

SHA256
4b50fedc81d46402eb5e812124751ccc587bb9b1bdc3a4315ac82d6cd8fd6793

SHA512
deff22b39674a7be18f0b3168e790334841d2626d66a0393f3f74905624cc0f8c5769f2ee5101c5815b788c0732acf89e50beed9cd2f2fb05fd9b26e37437509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5b940e4e47bee058a0dda5c2060a255

SHA1
e46d55a2301c2395e0c829d4158d733479cd3418

SHA256
8ed97ae6607e16621a3f4c6eb6addebdfd80b780da1858694ab671f3b7ff85e7

SHA512
ec27a6459394c3dddb70b1980e5193e482b5bcd1f1c1c9f1b87988b4273583546f41163eeaa9c6a396e872157d3309995c8d968b2370f9f638ba6cb1cc669d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c38dd7199c4456706b22b36216c35afb

SHA1
fbb44bd8043c6f32c991694f3605c6e6860c4e46

SHA256
3c7b703394e019e3796088ba7973f5d39760756e8aa925dd4babb71732b8c980

SHA512
0a30d93f58e8cd0cbe13db9f775c1d84509034273a06bce5d167a7394f3836e5c105a07c4147337a87c04627125331212017d10a372df9c1f20e26f33b0db378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5666425737fa67648714dad995aca40d

SHA1
520f926cb7f0cb116c2a5812c54f68a7a483ef3f

SHA256
1369f04f2e77c868356a8b841af9f4742be8901740c133dad75c1e35d8a2ab93

SHA512
fc2ff92316b8dd2b668fe1e60bf5695f1d29dc9b652626dc498cb4fc5ee67826c05886cd353bb46480257a866565d257d54e4ae30626dde1b101dbc45e0927c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
992f236e542718ebf6e5720bc5682e82

SHA1
2a01aed38712e55711298fa418ebfcd49791de21

SHA256
dfa2ae4d1fb0df2bfc8d451498acdae9db09584d0f18113c554d2abe794bd4f0

SHA512
3284598555ae23fe675c67bd178c4ff63f1e6e102ee930be87f81f5db7ec57fc6f2deb123ff99fc084d38f8ada5d1f49f601080cf0a633f4b6eef6628a9b97bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03b939bd026542ce427a6322be6c2c4f

SHA1
af1e3eb141618608ade98013af14452723dd5770

SHA256
0062820a6a3359620fe2ed33f4e8d1ef0ca4161966d09033fdb9955d92c161c5

SHA512
f2c6c68ba18fd4d107d206a9078e93c1e7e39b8fdf2da7eb510bbbabe91dea71036840a0f1a910061070d8db30a00e44b6000610b8514867fe8b1f2668698a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
763806e76cf0a552d49b5f880dff9526

SHA1
978195d362099a1498c8c86fdd3361265eef2ce2

SHA256
d2c7c8d944b3e22d8e94133f961f0d5151e0146a118ef09f00be6d00e89070bd

SHA512
1a498bee64dc81465fa266b400a224213c2acb55e92c862e6ca8906a3a3d8ca66858ebefc9af8153ebe2f0ad83601c5b8ea36a28ae9f6ac65a7f0f979301578b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc98f7c0d18b1e81f58174dfaed5a97c

SHA1
37dda59c58307ebca53b4372e6afd7e5d905ee39

SHA256
d5a1466761149f71b9ad018ac2ff68743eac9517219766ac45a569268fcacef9

SHA512
fc795673f3b6b9bb46dd382e4e256b55fb29e5a03f258190a8aa803343553c8bd42875065baad3b9c3223e930d629ed03c7796753734ad53f5de3e5ecd9e87d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
607dac6474583ccbc0eac470c94c0d42

SHA1
a318c2592689302cd1a61ff17ef45422bc69ad21

SHA256
675af6dae09916334b942d991e685ae09030e756f929506c6d07837f5386cb1f

SHA512
0e5cc8f1d3009c97b63a899f444d3a58f2aaef4f7d32a5754993b8f8eceb7e7e64bdc135edcfc27aa96a02e3d70436899ad6a7d4184846492ccd5c35ef0c099e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
18de4318fd6c935899398dee506856e5

SHA1
b6f16363d9970732755a61c776d8535e0ab754e9

SHA256
9785c6f180a1d6d181dbe06965d7e58d6774a1faca84b5c8549a05853c21af51

SHA512
1447221ae513e4680b91e810281a776077fa963ba2b0772f06ca69c84df5f9d3c954ba713eec979d8498817a70b4095f38586e282b411c185fa04ced1908c69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13a7b90741990b2b77de6bad16544011

SHA1
b191f938f6be4c6b08f9ac6511838f3d737bd41c

SHA256
fb7c1c906ed0c994c1fd73e9757af7de99005a7f0450d1e1559f704dede30197

SHA512
25ba14b77168ac088525aed723b020610f5a51602157f11d053d3f0419b17c408ac69af271e08dfed19f0ad4625953925c3c310cc1d22f928d02b7a86ebe60bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f2ab041d0bac29285f46ffd03c3c308

SHA1
756ad760338ab811bc2d02319362c7d3c546742a

SHA256
bdf5964c08955096fe9c8d693003c27053ad37e73534857f07c7974f8bdb173b

SHA512
0a974f03e31f27de4981b9c0be29b029798b0f4c1343bfa60f756d9b216f0eaf6d961f353c3341d485eefed51236f84bf9240230ef8f535569add39bea8bd1b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
573132efc4cffc21815313c899636b47

SHA1
a5a71088aad429f4ddab663ffc3ec120d97ce547

SHA256
3210d612421d4e9e7c0ff79a3f28361b1a085855ba2f54b82f5c98a187eac52a

SHA512
2d03c012eea25d358d28de6be08b80901fedf9482a7f540f10dda091dad41f3e60ff284cae5e48d0ed87f787459764b1a4a8a2d15cabcf7700437b631de34a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53a36eea7bd954c50220bd999cf89c64

SHA1
f856abb389c218056c4dfa5acb7572a37f987be6

SHA256
17a1018598f93ef9125c0f20566a12249b26b059e223fdbbd4d883c852c0ba79

SHA512
fc376cd8febdcd06b4ebc38f6344beac11c0a9208860a63876bfd3a71d561a1d6741983b311647c7605bc9f59d4e842bdd910f83543c99ecf86740d0f9c3f734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4340856105b06891a120cae87f5fe8c2

SHA1
7409e14769150698f28dd4bedaaff34056a8179c

SHA256
aed5703a4095b596615a5c3853d2b35a1e14000c28c8464357dc2be1e5662c03

SHA512
1a062812d75216497ac0086784e3839950d3d2e095ab0916b9b77ec9d35318fe1815e4ff4d7df6a15a76dc50e301b0fdd97b3a12d2d71499c3098ec6444c80c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8606fc10aea091a5beefc81c86789eba

SHA1
d2f412fc1b2eaa9e450e10925c9cdcbf70a0a07f

SHA256
11bddabc1334429d8cbeecbc373723e1d8ebf56d1d349905a3b118162796aa68

SHA512
49c8146879e70fe8389aa47be0790ab22b847fd6d26fd6223aed9f96ec3d82a7723288c5bb39fe6a7b51fe119ecca0455c8b693b6cd085c452abbd18f8ea08e7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Desktop\ok.bat

Filesize
13KB

MD5
4e2a7f369378a76d1df4d8c448f712af

SHA1
1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

SHA256
5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

SHA512
90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

Download Submit
C:\Users\Admin\Desktop\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\Desktop\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\Desktop\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Desktop\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit