3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Analysis

max time kernel
990s
max time network
988s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 04:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe

Checks SCSI registry key(s) 3 TTPs 23 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe

Enumerates system info in registry 2 TTPs 27 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	calc.exe

Runs regedit.exe 2 IoCs

pid	Process
6292	regedit.exe
7156	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1668	MEMZ.exe
1668	MEMZ.exe
1668	MEMZ.exe
4384	MEMZ.exe
1668	MEMZ.exe
4384	MEMZ.exe
4384	MEMZ.exe
448	MEMZ.exe
4384	MEMZ.exe
448	MEMZ.exe
1668	MEMZ.exe
2896	MEMZ.exe
1668	MEMZ.exe
2896	MEMZ.exe
2896	MEMZ.exe
1668	MEMZ.exe
2896	MEMZ.exe
1668	MEMZ.exe
448	MEMZ.exe
448	MEMZ.exe
4384	MEMZ.exe
4384	MEMZ.exe
4940	MEMZ.exe
4940	MEMZ.exe
4940	MEMZ.exe
4384	MEMZ.exe
4940	MEMZ.exe
4384	MEMZ.exe
448	MEMZ.exe
448	MEMZ.exe
1668	MEMZ.exe
1668	MEMZ.exe
2896	MEMZ.exe
2896	MEMZ.exe
2896	MEMZ.exe
1668	MEMZ.exe
2896	MEMZ.exe
1668	MEMZ.exe
448	MEMZ.exe
448	MEMZ.exe
4384	MEMZ.exe
4384	MEMZ.exe
4940	MEMZ.exe
4940	MEMZ.exe
1668	MEMZ.exe
448	MEMZ.exe
1668	MEMZ.exe
448	MEMZ.exe
2896	MEMZ.exe
4384	MEMZ.exe
2896	MEMZ.exe
4384	MEMZ.exe
4940	MEMZ.exe
4940	MEMZ.exe
4940	MEMZ.exe
4384	MEMZ.exe
4384	MEMZ.exe
4940	MEMZ.exe
2896	MEMZ.exe
2896	MEMZ.exe
1668	MEMZ.exe
1668	MEMZ.exe
448	MEMZ.exe
448	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4020	mmc.exe
4740	mmc.exe
1468	MEMZ.exe
5744	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious behavior: SetClipboardViewer 2 IoCs

pid	Process
4020	mmc.exe
5744	mmc.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: 33	4740	mmc.exe
Token: SeIncBasePriorityPrivilege	4740	mmc.exe
Token: 33	4740	mmc.exe
Token: SeIncBasePriorityPrivilege	4740	mmc.exe
Token: 33	4740	mmc.exe
Token: SeIncBasePriorityPrivilege	4740	mmc.exe
Token: 33	1780	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1780	AUDIODG.EXE
Token: 33	4020	mmc.exe
Token: SeIncBasePriorityPrivilege	4020	mmc.exe
Token: 33	4020	mmc.exe
Token: SeIncBasePriorityPrivilege	4020	mmc.exe
Token: SeDebugPrivilege	4972	Taskmgr.exe
Token: SeSystemProfilePrivilege	4972	Taskmgr.exe
Token: SeCreateGlobalPrivilege	4972	Taskmgr.exe
Token: 33	4972	Taskmgr.exe
Token: SeIncBasePriorityPrivilege	4972	Taskmgr.exe
Token: 33	5744	mmc.exe
Token: SeIncBasePriorityPrivilege	5744	mmc.exe
Token: 33	5744	mmc.exe
Token: SeIncBasePriorityPrivilege	5744	mmc.exe
Token: 33	5744	mmc.exe
Token: SeIncBasePriorityPrivilege	5744	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
4984	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1260	mmc.exe
4740	mmc.exe
4740	mmc.exe
1468	MEMZ.exe
5044	mmc.exe
4020	mmc.exe
4020	mmc.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1940	OpenWith.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
6404	mmc.exe
5744	mmc.exe
5744	mmc.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
7808	mspaint.exe
7808	mspaint.exe
7808	mspaint.exe
7808	mspaint.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe
1468	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 1668	4172	MEMZ.exe	84
PID 4172 wrote to memory of 1668	4172	MEMZ.exe	84
PID 4172 wrote to memory of 1668	4172	MEMZ.exe	84
PID 4172 wrote to memory of 4384	4172	MEMZ.exe	85
PID 4172 wrote to memory of 4384	4172	MEMZ.exe	85
PID 4172 wrote to memory of 4384	4172	MEMZ.exe	85
PID 4172 wrote to memory of 2896	4172	MEMZ.exe	86
PID 4172 wrote to memory of 2896	4172	MEMZ.exe	86
PID 4172 wrote to memory of 2896	4172	MEMZ.exe	86
PID 4172 wrote to memory of 448	4172	MEMZ.exe	87
PID 4172 wrote to memory of 448	4172	MEMZ.exe	87
PID 4172 wrote to memory of 448	4172	MEMZ.exe	87
PID 4172 wrote to memory of 4940	4172	MEMZ.exe	88
PID 4172 wrote to memory of 4940	4172	MEMZ.exe	88
PID 4172 wrote to memory of 4940	4172	MEMZ.exe	88
PID 4172 wrote to memory of 1468	4172	MEMZ.exe	89
PID 4172 wrote to memory of 1468	4172	MEMZ.exe	89
PID 4172 wrote to memory of 1468	4172	MEMZ.exe	89
PID 1468 wrote to memory of 1268	1468	MEMZ.exe	91
PID 1468 wrote to memory of 1268	1468	MEMZ.exe	91
PID 1468 wrote to memory of 1268	1468	MEMZ.exe	91
PID 1468 wrote to memory of 4984	1468	MEMZ.exe	101
PID 1468 wrote to memory of 4984	1468	MEMZ.exe	101
PID 4984 wrote to memory of 4976	4984	msedge.exe	102
PID 4984 wrote to memory of 4976	4984	msedge.exe	102
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103
PID 4984 wrote to memory of 1540	4984	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:1540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      4⤵
      PID:632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
      4⤵
      PID:3076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
      4⤵
      PID:4172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
      4⤵
      PID:1268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
      4⤵
      PID:4164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15314251818513466741,12607918421288411690,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
      4⤵
      PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
      4⤵
      PID:936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      PID:4680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
      4⤵
      PID:812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:4164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
      4⤵
      PID:2636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
      4⤵
      PID:1372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
      4⤵
      PID:3528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
      4⤵
      PID:1276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
      4⤵
      PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
      4⤵
      PID:4856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,11888902711653366992,14024208241659301549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
      4⤵
      PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
      4⤵
      PID:1012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      PID:1404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
      4⤵
      PID:1800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:2852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:1528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
      4⤵
      PID:4404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
      4⤵
      PID:960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8
      4⤵
      PID:3348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8
      4⤵
      PID:4676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
      4⤵
      PID:3368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
      4⤵
      PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
      4⤵
      PID:3468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
      4⤵
      PID:3488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
      4⤵
      PID:2424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
      4⤵
      PID:712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
      4⤵
      PID:1032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11220851761431109754,14006374473125309726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
      4⤵
      PID:4076
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1260
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:1104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:4024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
      4⤵
      PID:5016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      PID:904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:8
      4⤵
      PID:5108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      PID:3404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
      4⤵
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
      4⤵
      PID:4172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
      4⤵
      PID:1176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
      4⤵
      PID:672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
      4⤵
      PID:1756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
      4⤵
      PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
      4⤵
      PID:372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,17525211258262655470,11416277891591290494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
      4⤵
      PID:4752
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5044
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4020
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Suspicious use of AdjustPrivilegeToken
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:3756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
      4⤵
      PID:2584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
      4⤵
      PID:4260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
      4⤵
      PID:2384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
      4⤵
      PID:4040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
      4⤵
      PID:4584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
      4⤵
      PID:4920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12798992471828737801,18209901614973803468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
      4⤵
      PID:4344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:1408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      PID:4564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
      4⤵
      PID:3668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:4348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:3404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
      4⤵
      PID:4512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
      4⤵
      PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
      4⤵
      PID:408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
      4⤵
      PID:2280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
      4⤵
      PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
      4⤵
      PID:2168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2946461256973217979,283609571635822347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
      4⤵
      PID:3804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:1204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:3156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      4⤵
      PID:2212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
      4⤵
      PID:3448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:3916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      4⤵
      PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
      4⤵
      PID:1092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
      4⤵
      PID:3524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      4⤵
      PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2493487341614509549,195305342877508083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      4⤵
      PID:2876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      4⤵
      PID:732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
      4⤵
      PID:3076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
      4⤵
      PID:2412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
      4⤵
      PID:4416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
      4⤵
      PID:3712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      PID:4764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,14496968566618377729,14089058730202430361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      4⤵
      PID:4660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
      4⤵
      PID:1564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
      4⤵
      PID:4228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      4⤵
      PID:1372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
      4⤵
      PID:1496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
      4⤵
      PID:2828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
      4⤵
      PID:1428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
      4⤵
      PID:2912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
      4⤵
      PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
      4⤵
      PID:2372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
      4⤵
      PID:4476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
      4⤵
      PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
      4⤵
      PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
      4⤵
      PID:216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
      4⤵
      PID:360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
      4⤵
      PID:1348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
      4⤵
      PID:4076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
      4⤵
      PID:3804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
      4⤵
      PID:360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
      4⤵
      PID:5284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
      4⤵
      PID:5376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
      4⤵
      PID:5780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
      4⤵
      PID:5872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
      4⤵
      PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
      4⤵
      PID:3712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5692 /prefetch:2
      4⤵
      PID:5628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
      4⤵
      PID:6056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
      4⤵
      PID:2140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
      4⤵
      PID:5632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
      4⤵
      PID:5892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
      4⤵
      PID:5872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
      4⤵
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
      4⤵
      PID:2496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
      4⤵
      PID:5280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
      4⤵
      PID:2560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
      4⤵
      PID:2224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
      4⤵
      PID:748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
      4⤵
      PID:532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
      4⤵
      PID:5396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
      4⤵
      PID:6156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
      4⤵
      PID:6256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
      4⤵
      PID:6608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
      4⤵
      PID:6708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
      4⤵
      PID:6720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1
      4⤵
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1
      4⤵
      PID:5712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
      4⤵
      PID:6776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
      4⤵
      PID:6316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
      4⤵
      PID:3928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
      4⤵
      PID:1956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
      4⤵
      PID:4864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
      4⤵
      PID:1600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1
      4⤵
      PID:6164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
      4⤵
      PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
      4⤵
      PID:6768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1
      4⤵
      PID:2712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
      4⤵
      PID:7220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9708 /prefetch:1
      4⤵
      PID:7600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
      4⤵
      PID:7708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
      4⤵
      PID:3996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:1
      4⤵
      PID:6384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:1
      4⤵
      PID:7812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:1
      4⤵
      PID:6752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
      4⤵
      PID:5624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10440 /prefetch:1
      4⤵
      PID:8144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10328 /prefetch:1
      4⤵
      PID:7856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10704 /prefetch:1
      4⤵
      PID:5548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:1
      4⤵
      PID:8060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:1
      4⤵
      PID:7756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10736 /prefetch:1
      4⤵
      PID:8500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11012 /prefetch:1
      4⤵
      PID:8596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:1
      4⤵
      PID:8972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11248 /prefetch:1
      4⤵
      PID:9080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11144 /prefetch:1
      4⤵
      PID:8220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11368 /prefetch:1
      4⤵
      PID:8416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11600 /prefetch:1
      4⤵
      PID:8688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11608 /prefetch:1
      4⤵
      PID:8772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1
      4⤵
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12384 /prefetch:1
      4⤵
      PID:8240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11544 /prefetch:1
      4⤵
      PID:5552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12204 /prefetch:1
      4⤵
      PID:6444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12532 /prefetch:1
      4⤵
      PID:7752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12792 /prefetch:1
      4⤵
      PID:7736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12992 /prefetch:1
      4⤵
      PID:7120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13104 /prefetch:1
      4⤵
      PID:7700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13284 /prefetch:1
      4⤵
      PID:9280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13508 /prefetch:1
      4⤵
      PID:9352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13496 /prefetch:1
      4⤵
      PID:9360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13900 /prefetch:1
      4⤵
      PID:9444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14028 /prefetch:1
      4⤵
      PID:9520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13304 /prefetch:1
      4⤵
      PID:9592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14316 /prefetch:1
      4⤵
      PID:9680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14128 /prefetch:1
      4⤵
      PID:9820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12960 /prefetch:1
      4⤵
      PID:9828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14856 /prefetch:1
      4⤵
      PID:10008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14736 /prefetch:1
      4⤵
      PID:10084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12552 /prefetch:1
      4⤵
      PID:10184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13500 /prefetch:1
      4⤵
      PID:9276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15324 /prefetch:1
      4⤵
      PID:9612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15044 /prefetch:1
      4⤵
      PID:10524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15268 /prefetch:1
      4⤵
      PID:10532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15308 /prefetch:1
      4⤵
      PID:10672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15600 /prefetch:1
      4⤵
      PID:10776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13868 /prefetch:1
      4⤵
      PID:10784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13856 /prefetch:1
      4⤵
      PID:10924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15760 /prefetch:1
      4⤵
      PID:11172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1
      4⤵
      PID:9556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15468 /prefetch:1
      4⤵
      PID:8408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11956 /prefetch:1
      4⤵
      PID:8932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11576 /prefetch:1
      4⤵
      PID:10680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13572 /prefetch:1
      4⤵
      PID:10324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15776 /prefetch:1
      4⤵
      PID:9584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:1
      4⤵
      PID:10636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12004 /prefetch:1
      4⤵
      PID:9376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14484 /prefetch:1
      4⤵
      PID:7932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13968 /prefetch:1
      4⤵
      PID:9516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15864 /prefetch:1
      4⤵
      PID:10632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13980 /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15744 /prefetch:1
      4⤵
      PID:11188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15524 /prefetch:1
      4⤵
      PID:10436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12772 /prefetch:1
      4⤵
      PID:10648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
      4⤵
      PID:7064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14280 /prefetch:1
      4⤵
      PID:8464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14484 /prefetch:1
      4⤵
      PID:9460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15696 /prefetch:1
      4⤵
      PID:8292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=15320 /prefetch:1
      4⤵
      PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12004 /prefetch:1
      4⤵
      PID:9376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1537982159743937960,18318397195093284058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14544 /prefetch:1
      4⤵
      PID:1640
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:4640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:3852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:5236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:5732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:5128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
    3⤵
    PID:508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:3100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:5580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:6012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:6032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2976
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:5392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:6544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:6560
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:7024
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6404
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:6536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:6276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    PID:6512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x94,0x134,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:6496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:5500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:2412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:1696
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Runs regedit.exe
    PID:6292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:6972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    PID:928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:6484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:1840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
    3⤵
    PID:7540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:7552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:8120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:8136
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:7808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:7740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:7760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
    3⤵
    PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    PID:3932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:7172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
    3⤵
    PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:8440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:8452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    PID:8904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:8920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:9188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:8624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
    3⤵
    PID:11096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:11112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
    3⤵
    PID:10360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:9896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:10484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:10488
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:10872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
    3⤵
    PID:7872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:10336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    PID:7364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:7444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:10024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:10180
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:9356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    PID:9616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:10364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:10628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:10716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    PID:10840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:10836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:9432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:6904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:5996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:9608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
    3⤵
    PID:10636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:8284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
    3⤵
    PID:11232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:10408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:10684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:10816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:8772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:3396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:9868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    PID:8012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:11000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    PID:10720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:11208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    PID:9244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:9228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:11100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9595346f8,0x7ff959534708,0x7ff959534718
      4⤵
      PID:3424
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Runs regedit.exe
    PID:7156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x43c 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66b3119b2f10deed80de4378dd751ef4

SHA1
5a1710e0190ccc696a2c604902e2b0ac1e237fe7

SHA256
9ab971efc7f0f5fbb0fb86fd5f0d4a9e1eb9c1ee864f0f0289731a8765ffd128

SHA512
780f6997c80a9f2e8fb3a1c09e1c7bee69674e2dcf23bf267bf54658adf795b4e672d1256bf6ef8d3f1e153396ee0cce34d0ac522a1ba5118bc542f886e7d309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c87399c4c920098a53a23b177aac9a2f

SHA1
825b5bba71623aa16d999b4c5f1a0e685f3ab802

SHA256
3b5f86a6767eb664fbe382c61967230bc96e199e38f223ba815349ff1412d8fd

SHA512
56690d9220b0825c36a0d38a1a6cbd2243476949baa77db818e87011f7bb3b0bf1a1514fa626d322a6339b1472f3ffcc4adc39bb9b0383e8eeecbaf673f549b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
feb3e5748a107fd8fdad287139bcc6f5

SHA1
185adf242dd7863d7c33be328f3f0476bff691b2

SHA256
d3a1623c1d99fd6cc3e89f9084ad012dee21cb4798d984c2940642ca8d6757a0

SHA512
8000d1e28e4b4503c47835eef511972b0838ccd870b6da4dcba87ecefa68307049dbe7d5aee180d7cf468a1fe5060269d9d1bb8fce945149317f73c84b9b1f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
239ab2d9e8a0577b7a0aa3f2bed4635a

SHA1
2bc088d66c27129ec6c8b9d592a8e0256b655fe8

SHA256
0c808d8435bfe25cdf4274c93761f37df2169816d0b3c31a3e77e820684362ae

SHA512
7e28ea42f9007ca57a2065eac122683b2c8ff85536ea31d56a463afb54c2375cd40f51afed7f2f7733fcf33b29b85a7074da26a45406ad27f30dbe1f7b357aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a9da1588c85826bfbc09bbc10adfd80

SHA1
461bf2c50818255b47d4235c54dce7fb85bce2fa

SHA256
e843f6ae2c7b9ad3f3e54ca3210ddd4cc6bc94d65c977a911a24418846844842

SHA512
8cf81d52ab449625fcc07169157d8bcaa2e60cd582977552b8f5d63653986edbd11479aff78df8adcdaabf7fcd8b081203da5715f2e9f5b04fed1c56984e9045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f05d10792eee91a4cf21d402e357d8ad

SHA1
3318c42b7df5318673a3b27797f1a5a53017ee5b

SHA256
a877c988123809633e7f5ccdfc758dd7c4b914f4190b1f4ddd494e06922984a4

SHA512
b8f12d7cf0fe5e9fa333a2d59bd848dda2a4ceba7c7d6587af4eaa4108567ca3c9894e10f9568eb74ce4dbdfcf69abbf0fb2c09d436312bf5a90b113bbd20064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa9e87fb8fed064683db3f81b7be20d2

SHA1
a0ab850b412d22a12780bedcb741641218df595f

SHA256
74eb10e864b514968952e76f76102dea7217950376e9fabb08a3b9219f668217

SHA512
daae5555d309d6d16377158d7575786ac9c44e6f0906cb4541d694c1a181fda3bfe4786a8890a5a842288313b35d9d4aba5f2273e6ffc8a86cd8016c25c835a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de5ebe46ddd0b7d42e24f1159af571aa

SHA1
6b4141ce34f6d4c4a814ae51f2171565321349da

SHA256
e151bbff27d6b86f9a6bf007c0beedbeccf513711d62216537008a4833c8a734

SHA512
5568c15053dcea9022be217a13a25c5bc5198fdf8089ce67f5b61e75213fb9f0e3f2265ed93863e4ec11bca164279f6fadb366439597f5b67f7e05fd5d687dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
42c0817501bb050e5ff398b6eea8c946

SHA1
20b6f0e4d1fd14dacaa80915fbdf8a2029d7b98f

SHA256
4a8d0a04fe9b60fd3d1d0d83a17b7937159ad9f8ad6b13ce4a3ce35ca82545c4

SHA512
f9443da9f5dafe7779596bb1ac89716fe40ec3fd79a064165c57bc7f200353690852e1b2780438c67ecb346ec11997fb180912e3ce413ba5f857cd95d779cb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\352ccf70-6c7c-4b88-aeb9-d9b338f9a81f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9be185a7492c1f1666b70689d263cd88

SHA1
2fe303f5ba40c00bf890d392cdba8620ecabc6b4

SHA256
c8bd3f4c147f1ab86cf83343ab182bcbb3a758cb21d0ceaecf059830a73776eb

SHA512
23ef4ddcfa11aa2c8c3c40a97d6460282d2d2969f546e687d67f42b0afe5caac3448edca0b51646b64b9b38735eb62c05f4ba15ba65cceed24cbd7178b323202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2348fe1a263899975de6cac958d48606

SHA1
88c457113c09baa378b1f0306e46170169e58f6f

SHA256
995ed9625d4d31d46774c29ef8ee538de4641850520436a35e30585181ba7335

SHA512
bfc504ec78d44943098fbf7e3ec8c1c37947e5c91602cc4faa46c219d0fb392ce1c8274b72bea37750933e55454dd2ceb1f2ddff640aa36b0e24a7682b91c0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9842cdab015ee03edd3ed7d296202f14

SHA1
44f7ca4a8d1ff893a9cd487f3097694e8127bc2a

SHA256
bcf9ce55bac2db17612cc7298e02be4cd2bd8906bd7b9fdadb7aad40f590a6b9

SHA512
bbff2ae4705c9fc885ba77a91f55428535ac7995c80fd16e773bc1fa35d4cd286b09cdaa97f79253f39a387cffa0331a7e6ae0424badc5e6440ff1764d82a575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
9c282f0db8c714798a013b2a039f6b01

SHA1
2963863585a2377623f98fc2b5ac2f25ff65ea14

SHA256
06ae9acb592bee6137b8096f5931b41aa58f71805c9d5fe90a70828c411ef6df

SHA512
5821433c3dc76104d99d0b5e30bd9f5af18db6aa74898a139c9178baacd9efe8aeed469046c844ba2f71ce4cedd542639ab58c45342ef053701865a650880388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
0af350c480ab565287007d89ab48a899

SHA1
4bc2a2c1ed2f10d047429af7c9bcaab3a34f25bd

SHA256
030239207754b0195bad3b58d42e4bfed6df4aeaff730c3fbaeed92021ca4b85

SHA512
3586ded7ed16c12ba8201b1a215f818e0dcff598e012001a4765cd727587e5243c87c8e7afe84af623d34beeced1b536e1e1671cb3baf72175512a6800efdd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\22d2130ffac06e59_0

Filesize
240B

MD5
0e03e79b1131cb2fce3dafd898849311

SHA1
fcabc5d3f5a7cb1e7d2727340a5272187f87cba0

SHA256
0204e00af3cd789558fc5a5614656d5dd6944c96867df6f1a6fc04e490a5ed77

SHA512
91d501a0a9994f8683da248a40989ae6c94fe4416ac96672b41286570815dbce4f8315a260278d44574a55cfb58d6366551b07b18649c2451263374a34ff48aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5e6b352005ba6b9c_0

Filesize
289B

MD5
e94e8da5b284d9c051cafd805567fc12

SHA1
f7901cd406521c72d0f1fb0de5aa7b45e75b6cfe

SHA256
14b2c0d47835706eb219651255672667fdbf48a8471aef2b63bd2db2e893ff74

SHA512
dce3dc81df0697094dc335180f476887ed5c4c328597b530c00cbfeb97398fe8ba4ff04911931aab5965aa259ea45b33df29af96c6255b69c947e8338184e89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\851ea57380198d3c_0

Filesize
19KB

MD5
038535d9f99c0c03e9475118280a48fe

SHA1
c6b7ef5fa119c98e0945fc02454fac469db0bf7d

SHA256
632349af29e6028da58970d10f8e7b21fbbd2accb2bc032131b4b72a0ce0e8b8

SHA512
99da06a89420e095c84f87659943f7c45e8385170bd2dc40b1150c98b0216e35b6beba28279aa1a84c10b7cfa2bf5a0cbaae7cd562d02a4108ed2b1b5d961ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf3eb4d67a3c9046_0

Filesize
622KB

MD5
f46378d82cd9eaf9276c08aca30118c3

SHA1
3b1b31ccdf40d6a6eaded15dc2f6f6d455738f37

SHA256
5d73ea2ad941cc81f5854c7c442df277b9f33bca790ea2aa5fd9b610c0ea0773

SHA512
df470838c2b0d48c538a1f6ee371f0ab15929ebedd27c31f54baac905d603e05888695515848c019382bba103f7b83929809faefb900d16aeee277eefe019697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
c7ae61432fd260a0b16819ae9ac5a5d4

SHA1
9225de1fc923ad4a926dd134a9d5222e51877149

SHA256
284b612b425b56996ec51dd2ca2ad78ef18319f52f86ef5e0893a6c0c2d3ffae

SHA512
ab856f57cbb1727203cfafdbf807f15dd6d8f044b408dc33325da2b0a28cc02ee378c27a81d974a7067f3aef4c9bb6d0c1f94d7d5c50833cae867351d3a6a38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
39081d54b5e8f51b35acd26f9be9b27e

SHA1
6c6333e6506bc3d8f329b5c500390bc2637f9242

SHA256
6320b548d590b617b615f5fc177abf9ac681d9fa82404c535a5acf9baa7c9218

SHA512
56c10ca0d73e6714eb1eb1ddee3c670c303cf1bc524c61bc80b866ba21cd58b23f7c28838d5edba7241ae0859a80720bf759b4c958d72a8e627c8d5f3b7c0a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
216bc1b866ef801870060febd72697dc

SHA1
7575d013f325d85660e40a3e43072d86fe75109c

SHA256
5b9e523253d4091c1892c23a894c214b85607fe910c48c1d2a2df964d747948b

SHA512
be682f228e237a1fd607ad9599624dde53ef37e15a9bd56ef812e8ce315618d61e45fe78ce1d5239b9c8f8555c6ac689cb3f087c614fb79364da3d6f7d44052e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
5076c8753499f68400cc44719031466b

SHA1
857d5d829011adc8cfbaf678573303569adb1b19

SHA256
00a295386b830d1970e0db8e810ab6f6d42f2cee101d544dbe05d0a9b7e87949

SHA512
6e493889bc07b21de149a1c921ff28bf9ec48c868de38c901871ab979b76df36d42c7c7cde234da1ed371e8cfbaa48769f80e691309bdaf72d59ae4e943a0067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2b66647f98057731a5ddf9200cd4ac78

SHA1
23e21c7dd88f43ee1fe2511c38888aac761e9620

SHA256
ce6b8884ad4c952eaebf329e2c87c152e30a8aac8cc83ebf4101ef61ab93e8f5

SHA512
e2caabfd3df74e5e1083aa6fbd6af8f7ceab85c2ae8a5cb1ca08d79e15865c55c1f9e663f59f6835397e81f463fb243266c1ef4ca984146c51540fb57f55009d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
ea712c34928a2e9af4fab7dc446b8ba6

SHA1
41bbcb2bfe08382f921a1fb62b6ab030b13f6083

SHA256
1635289a29c970d14b41cb21f82f1ce04bed449087b2800f171f175e80d47b2a

SHA512
af2723c48ad65e43e6133f1f2a1fef68f7ebf3f01d9514735713f1faae3f664cf3c7f615785db430168ddd073880236e3d0d2b56ca0bdfa0b0b5d5b658d90eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e95b85a235c1693be94ada9712997aee

SHA1
81062884a87a4b4cd3d9c4a41361af92bfa103a4

SHA256
3a26ba0a71b17a28c9467c78e4475afc01b35836d627a6616902691fb2cc7b24

SHA512
ef58c0c16d189d1ccf6fed8fed0a7fa2f0580f173119da8a605a76e4f20062c4f8ae203a1f866b60819f2639399b1084f1765561d1138373522db2abe721b5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
abed9ff2198e9ce8addd54184b61161e

SHA1
dd6de94de456a4d3c4b1536e39405a3b853529d4

SHA256
75d636aff15156f77d3f77dc324a676f5248d7ba1a53847a37d5a6ddb378a532

SHA512
c4fecd119a317ab69f6202fbd1263e0ec7997a6fc4b0030b90ea694c3799e0c1b26eb0adf2d19811be97c339ac351c20d4db5019e97209299d49e6095b47b6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
ecad5661dc1f387f010b002208b91b54

SHA1
e9ce04f9d461d791a6601af64e89fed0039f2b33

SHA256
44ded3ffbb227227aa438536fb47dc2ad926aa3c35222ac4e62e9a530c26986b

SHA512
09671516529374c3b06dab91c7ee9795cc73f215bbebef7ac0551f295babc02f1ada7263ef5ff4085347bb9e1844bb9745dd6d77606e694350cd0a26593c4d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
4a739575a48154a7f4e57fa8c997d11f

SHA1
f13c25f4b4c6c341068cca1e42625df6e6429396

SHA256
7636be623366513cd2f08a98fd96e9deac82ab169573c77d64e98ed53a85c981

SHA512
ee99753c46b28e42bc64b9bd96fe0c49803abd48a5a022dfb539d15060640de971fdab538e9dda2a6f416a3c27d0fd4fcb9fdc02b5a108d6dddf6895430cbfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
764c4737a7a74c72228884c067442125

SHA1
fe731fec9c8ff57f401ac00d57ad97518b3f58e3

SHA256
3a92965940bc97b54019bb3f25b43da2bbd0f826df2c37a051037e33e4d5e916

SHA512
261343ea7d179850605c214d6462e6bc6f8f4cd97ada6209d3fc877c4ae07e0c847e275457ccb81f097b76de8a923f4acac0715a57308e864f2f98c487b8ab8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
46b960939275eb61102bd54b519195a0

SHA1
56b115bbfc2bc17f7fe493ef7389bce578599aaf

SHA256
067d9a8af36e0d06ece45fd2f716c8c24ea7a791a1031aacced9732977d9616f

SHA512
24f7604bf3dec4e313dbf741e51081425307100b9030c8e75d395a27392123d975e20532cbb4722c17c3a3654779d3f6bdfcaea14f3d070c15260723af5a9071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
d65ee16d27f7d3a24a40de1211fb3cee

SHA1
cb87b564824d2c1e2142e0dfb0b94352faf2250c

SHA256
455c88c8b8e75a5b0b39900a058e7f9883d89a074a63701f6653279a036566ea

SHA512
c59fe4c2220b33d511cdff5cabd2592bafc0fcddc2b87178904405f50a3ec35f6d6c61ea963a945c6155c53422e4c430eb081a9da24402bb306d16fa8658b42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
8c48d436817538a65c5107981a6cde6a

SHA1
157a543b3f8ede592720807ae50745851f7f63db

SHA256
a4f78da6deae2405b123b63b330dc8164c4f98cbc07580acb5ec2ebe5e357dad

SHA512
eca5b2536f92802559764e32f7355bc30ce0fe21beeae076866ad3ab9983de10f1820d94c7a590bb3c90d93d343de4d79f1715137c4fe247584e5d00825f493d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
54e5bfb810199893550bcee8c8b6e8ae

SHA1
1a3ac54716a847282b4bc8f168f1834dc0b32858

SHA256
a027fa159ffe911cd10b2e342ee080e577eee1cc60a201fdfbc2b16c2a045c15

SHA512
8de41f513463a5e3da408cac1b433d6ac11a52b8724197e27cca33e28c38bea848199f24c8581b84689c74baa6a8e1e99ff9217283e1e42c4449cf25b1bc457d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
d1bd1dce4b3d1ca9c86584deef653762

SHA1
61a626ced424869c5b20fb44bf1c2baf70d02586

SHA256
2882f3a248c200ec9cdf244dcfd3bf58af1b4f1c27620d2cf9e1c72dc4e05577

SHA512
f555ce8ceb7feef7bdb376ba222db92716a048011541b3d27f91c82ec0d36e246ee5ca4a18b0195fc3571945872714979ec20af4b9248f5bef825e33457eb8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
11bb1f1e107c4116813bec8c01f0bb3d

SHA1
9dff02a6cb29dcebb6055acc7dc8acb898ad8fe8

SHA256
f2bb106257e864e89af26127c4f4450728a40060cc49f39514ea15bbc7acfeac

SHA512
64cd08a41d7e9c65e11d006f7fd0b253e2e398608d78ad3ae9884586410d0d45f587e4ee8fdd2c0bb36dacc199249fabb73afbdf0919583011ecff5d2a56423b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
456ebf537766a70269d0bf91bac1e325

SHA1
903c3692eb7c195ae4470b9bb751474942af1b88

SHA256
3860ec455249766d575c7883a14ba343b370e9f7496548244e45a2538435cdd1

SHA512
f9801f1d65fda413f850fc80a2d7a43f1595148bca089a7ca7689342ca2bae7869f491aeaca3c6779dcbb7c5539daebb3009ab682eb6c3bc9ccdd5dec0a98efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
6KB

MD5
9cf12420a0bec3e926413c3c78b3cb85

SHA1
246dbc732586b044e82dc7d37910197505fc2900

SHA256
ab711d80ab4528ce42587d934dc3adfeb8226ca238e85d438e218fec61800e68

SHA512
25c4816684e825ffab5b1f95be4c0687eba9f9f22762412d1047fb7696ba8fcb41ca92abe8e6ba8c58d07ab255e1c203e14c9e90ee335ee43acd8b67395605a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7250b29980a40115daa1817bee8471aa

SHA1
e90c6e454da737ca870ca714143c1ff05dfd2b85

SHA256
211498eddabdeba56ac2c154cd5c4425ba2f68cbae5a5705ca8fb08ebe65f1cb

SHA512
c2ec64d51cbc6df620e906134e353c7e64e38993e647675edcc4fa96a993121c38862d30a19f37b8eb7043e006e83e416c16f5b34fcc091ad2bc9cadeb8821f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
3972b3c22a5d1ef45fcc1f33532c8fbe

SHA1
e973d03ceafda7e9f864c2d9b946c757f38b6adb

SHA256
596e154745257b2c5892aad8eaa94ea64149b3d2362955020e227b51690209d9

SHA512
e11bcd392c921fd3354b7ea00d87a3eabff8bbdb0b53c3de34381c268897c869700bc6dabfeaaaf03c69934bf58d123fa7ccd37d20039bc0b0f673735f28f692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
274B

MD5
b1912cd01e32b5a42e2710f4a2de4c25

SHA1
d0af7ef113ce9071a52edf746cbe9da97618f0e7

SHA256
b6a6b9a2ae23297a6fcae697f0b7bef803c060d4387881fea5dee4870b02cd0a

SHA512
c6a13a3fbb83f1a90004786772ab29ccf2fae48607354447eddab6726fcb2e53ce36a4534c3b691fb53bbeec5509af4b79333a492bf10e0dc399905a9c61753b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
81684a21c94381c854268cf64af12e83

SHA1
c073a3d824eecbaddf60de27fd2162099df6dcec

SHA256
c2ed55e22783dfdd499d79e3f599adf426beaf07083eac76d1bd7e1a9b2f2ee8

SHA512
d8a2fe9c618f321126ee1a488b998b99c0cb8b1fd64c422265e120806cac93b2e82301628ce24c31039b73d89a313299e7809a59ad2639b5d8ed8878e1da0445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
845B

MD5
3ae9c5368878b0198c86d51169ed147b

SHA1
50cc44fd271892c66008b02d136076b75e0c05f1

SHA256
af81aa8b7bab62216adc34009897c1b18ceea85427015fa9ff4382ffe48bf97f

SHA512
be485c5fe0c84af171f2815d9936a3aff4ce754f54229ab53196a2faad55bfd559f5e7b1bab99fd4ca2f6040187936bc89662244b5965a7a4d33e1f9bfb70d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f92d4fcfa93b25e24b2aa868a50a73d1

SHA1
ec242b7b536b14aa5e9fe36c9b9be8dc95bd0278

SHA256
319266141232f26d7315e51638fe518e527b226d414e879c0d197932479e5c85

SHA512
b5348f4176486ec973e54778f3ff213a729e6ab4e01b88b42fe6af2dbe18d90da80d696d3fc025f9c4654a083b8f6f763b6227ddf9449ce3a1744c9ba095b22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9e5c20b56b3e56a454d730b2a378c699

SHA1
b53a90d3427e3f5b7d7885696472f9d0a3b5e73d

SHA256
18b52320d06ec274b487f4cbca2283ca75f92a81d3ada3f8e68d4c1eee1cdc26

SHA512
d7f32e76b31f455f6a0ab0e11fb57805348eddb2f20f362fa196fad27438632d92922a39b6272ea265b46279c717afbdcc15764959f44ab16e40ac29d73916f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
60e1bccdd689ed3867d3479640470fb7

SHA1
bf8efa8925d0c4745ef885bb133abec14d6fb232

SHA256
c93feb920ec24cad684c08286c5acbb61187dc55eb7f020f73aa86d297243b0f

SHA512
58b6c944a1e66096fab8dfa8f83ec54afc6f018aa479b101dea7d44357fd1b4d6e5e6c68c724535ad5fe9850a2153fee7d11efe3c07d67adc4dd5b73ee949966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
015dd572b63bdd85cd9aef92b8f100df

SHA1
cc53d5e6fc27914d7074011560e1ee01a5680ae7

SHA256
fe54844b0171913b528767c158f457c9acf79bc6f47c16d986e5df6ee622f66b

SHA512
09440cb34d8c539f8aed366f348b499dc4095f4cbdf1090ee1c1047c2abe4e10755a438ec042d944153899c622f59341b3208455d894a1bfea28ce07030be419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
855ddfdae4b9c058c0e2fbbe43938be0

SHA1
16f9f1fdf6fea19eb8471e60c88e6b12a92a02ab

SHA256
60dde9f3e4f162eaa35fefc6733ff3d218166e0906c603f0d99869f7585cc9cf

SHA512
03bf473a224e9d3511dc85563f4a9097dc51c4e6071d0150ec6039985578a214db25b9b097b248c95ea5afcaa8c3642c8efa2f98b2d7d31feb9b75dca07c0e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0423b2a7b49ffa69c5212ec4c3596371

SHA1
093a6edfdb30ead7c3ecbb396c214bc978c9b382

SHA256
3f669e7beca7db6911d9a0d29c3b2372fdf3a9671e97726ec3f058fe34067621

SHA512
6ee57143ceb16f8991d8e8bea781839442bf8c7bbdce675b73f33bffb7d267fa47b6bd62df60efd63d8014fc84db70fcb84049118791db5f85557fbb6e1d55f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1e7e51d94f2ecd1091da7fd51e87df8a

SHA1
b0fc1d7763297d7a4e7fb4e2e18e18e12492a38e

SHA256
169b85c9a3777b7a11399ff6b62308024639a24b1ac0ffe128d986a391c62cfb

SHA512
e1c29792fc326a333be6afd7c202f87c4b2bffd84cbd3b719672e68d685958994a22ca62f0c68dc698399c4f44f4e63907ca33ba53e877308834b19241ca33f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d522fb11bb500ed31f86e17bc59629c0

SHA1
50f69323f9626eb3f63a0da18b21bbc2dddef46a

SHA256
52ccb84aaf4fad298dafaa158e44d8129988610682dfa85d18d04f718f7b44c0

SHA512
e515fc2dc6effbe307f5b78dd8aea7b9c489800808c73546daa82ad51f6d5f7a02fe031eb7d42eb26ea63ab237b5ee70039879b1c34a359653f567df4208a14c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
85607ec9635c451057dc8b367341abec

SHA1
fa99d629e6de7fa64ccfb9b759dc80849d9f1ed3

SHA256
90c28d2384665d3e5cfbc84cbd2da9367dae162de8c98f1631ea92cf18551100

SHA512
30db2df9b448a026881f67419c6fbc12e8c4af3f85feb0f5abc49f10e67ead707e0a7699aee65557616ee8c460d9ab366f161d05ae8e55750f9b907eac80fe42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
939B

MD5
ce611291e794d2cf2843db3189bc2720

SHA1
294dd927cebcdb8e82f9adad7d49163dfd6b5cdc

SHA256
fb9f9ff3b9c778e9d7a8bd15c3f1f144c6fa0b1ec50c37d614a6fb8851d4137c

SHA512
556bc195c47f48009dce94735ecf65ab88b36b64f512013b1ea6a01fc9bb8b3e08936c7ab6f2bfa3418d038cbc84a96d3cf5f023b7b30a03e926101a5f88dc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
77b6477f92eb5c791315095c731a878d

SHA1
f7478ce75f52e1283751d86d617b4a56d215b5e1

SHA256
c252660194d39032fb5b0857638c9efbb20a084b0f72f8c9cae53759101625ae

SHA512
4d87a853536b44691fe41cf34a293fd2a77028fd4db6d1309c7b4fc863757f28decd2e49c1e4381250f57c2d03a0aa1af81daaa23ccc68e86a3b636dd3cd4639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4e7fa19ecd8dbea675520dba281766ec

SHA1
a924daefa3458ff69e0baf7fe4ee93b6e27395a9

SHA256
892d61fc87da92d8cbc1a31137f20de92c69ba5da3554fc13b1aae58c89036ea

SHA512
a0ba0e312e8182e9215e70d09bbb8eb0cd0f5f4804b9ddafafde704108355d2caca9c713165f1a22b1124cbf1a92fa96012d99de0916ed7c19ee07f7096aaa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
6984db200a4d966a8c90ac492371cb02

SHA1
d40e77ed3ad36e646efe94196000e8f9e27a4fc7

SHA256
46c4a984c082e6248c141b2f2ee8f7a547e082df18046784d5749613bbf01702

SHA512
1d0b8421b4c31998702e4c2528e40a413d2808765c593094f23ed39f6f5022cc84ed214924563ad81f7dfe0e97c55c6dfde02ecdaac47fa496932ebada618352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e6b1488c131fe3dedc9b247ea6f004a4

SHA1
6b90b4978bdc84928773f312c74941ce34eca27b

SHA256
eca52355d0bf379fb09fe772ec0d8931943852f48dce67e734e57f9743b0d2b2

SHA512
d501515c99fd9087507bc69f64fe1e2c7229e07659ca5b2762d0d7eb26756ba8f079810829b5934dce95ae9d944238a635197d18821c737ac17b89c19b34ba67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
13388f1b3490cf36805cc6d65349dad3

SHA1
b916d10d9b47373612bf0fe7cdf8e207c411d859

SHA256
201824dc4fa3caf8c69974b29e9f5d5bb859ad8e4276917ec2e90707ef2a12c1

SHA512
5bc385d37077a6c9dda63799e507c783e53b5a0df670bf406d1cb1eca7d8da1aa8807d8d1ef4d8afd4872afc21b7b9ac5baa6dd6b32ace86767eff27b8d4f6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0537ae856147cffb2bac67b34468401f

SHA1
916b858f27114bb1379ce88ea2157c8c7e4b0160

SHA256
bbaf623d050db8147ae3f74efd4b990c6e1913f63ab4c062ca7e9249c178fc20

SHA512
f8682e5bc8ba804bc3769e5ca4f8a5cc0f3601473a7c7d538d6c982976fce8f3f726755b5d129a770068cea8ed509604f302239f720fc0b87a0dbc036198d351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
89ff814a60d1e1b777ceddebfca5d448

SHA1
158902d0ff29e99e928de891539a5485fcaf5ca0

SHA256
ecf6c872efa29a2f6ca7a5dda5bc849a6bedf4768ba66b0b88fc3cbf009a739c

SHA512
8e3ba7784e5ec6c5278b45528de292ec5b5e443a81bbc61d5a35df710539884d74023eb70a14168f29d0afe5525c7cb9c54695256e61b5ed622898eba26de147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0d10abf5cc8e7d682a5eaa8753abf9d8

SHA1
4b5bf5bc3d635e1a5004bbb969b019e4896166eb

SHA256
ab35d8adb5d691bf3558be5635ab69f4290ea5bbf8ad581e1184100757b268c0

SHA512
6fc442493a8a990ea529023a8bc85ba328c48fafb9160b345d334689250d9be77f70eb5b45c545882a20108c6956c95b23c3a7ea74c1361def1904292854a349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5e7bce4a5bf8219165cc0b3912adb288

SHA1
e3fa40f3b0c969b66a8454653ac7f3ce522b20ce

SHA256
765688e6b49798eaa77b5486cdf581b3f00386653b70fffdb1fb28385693e808

SHA512
8761a0ce5ea5eced62dbaaa6eb65e6dcc1939a594424cc1c4c78467def2453e19aa477189a97340dfd96e09837334ae7403ca4b49ae4592faefee0b832d7bc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
84f3e8fd3547dda0359c6c82d8fda084

SHA1
bf4046e905feec3bc6729c44d91eaabccb7d01f7

SHA256
df88d0ed24a45d58776721288caa0c13a3cf6299313fd1f10bf19c6bccd48fa2

SHA512
96c55bc8c39f1a991f0521c26e6f143baa5982984804e808ce8fc24e7031f5b60d030f5f48040c548f3dd869756060914ad361b8de25e4375104dbc4e1cc79e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0a75ce2d8af9ab0e84491996a03d1f99

SHA1
5331626ba5bc0c2f0de23a3edf8446aadc46bcf7

SHA256
22a74f61e2bdd8de427087fcfc2b9a7d4bb07d70ef9a522043d4e391e1fe4da1

SHA512
acc1c79dc11fa3a164ed43a684274a5b21b5297447b359a9894b20c97f3766dd75d56b1fa8040a5d7cbfc4af866a5bf2c9920beccf858ef2a6c7de19bf5190f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d160e0202c2fc57d9ab8202eb3740d4

SHA1
56a5570ad805ae4fab60cf9d9d3aeda9d133541d

SHA256
658d1b42a9d57b50121a808f9adcb0961b4b9e41b915d61830e7049041f39d87

SHA512
adef0d5404d30b429c8a9db7ea68d28513d2b4cc406f9d3757a43f0057c24dbbf719d954f0db5a7f73336c48a68199e29f393caea0910cc8e9c3b64de7ab0e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2575073670e11fac4be72018d798c15b

SHA1
cf06042f3e9e7567a791942bf6e801487d031061

SHA256
b80cfa21981c1429f9652741b42a51bca064a669db09b093f4e8885be5e65ae7

SHA512
cc5cafa303ec0cd6efb88c894bae311e5ee63a88b2a3224935b9a721592154bf9b3c8036cd87e0cd5848b895eb0f195022402b702f7601d8f97783a438b4868f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
416f0e7ba54b25f1fcc016b581e4ec60

SHA1
c564dbfa38e00aa9ae57494328220f006f46afe3

SHA256
51632ea642f22afb7658516aca8f1e44a13dcaedbe5ae98fd9426c70cc7fa82d

SHA512
5cfa192583f9a6f1f7b95a556bf4d8359d385f8009d1e9f674261c465d1935568a0e15c7d5b57265ef1e61dab6b09277968504e52c09432ba98031f4bb49fbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
530c3ba7e9d9ed90e2c33a2276012c76

SHA1
b96745e0f9f94591c564f2ac4e5de3f45ab521e2

SHA256
5bd463899398dc8a99c409122f024e9acaa9e1c3cf4fdaf4868447ec17ed2695

SHA512
f84ae3172734ad1b8727de9155a7df6708d6acfa984ee2374360f58fb62fa798522e2be4c3d6d7212ee736bd302dd64ee45b69bdcb1ca592b911b2e93a0438c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b5ff7be655b123dce5ecb4902db642b6

SHA1
982a4253ac7654008664a268d1c479e74577e470

SHA256
f2f7ca8dd4f00357c8ae83ae4f1b266a7fe9913c4feb233ca4cf40f169ef0ed8

SHA512
8d88bc120fb3412859a4eeb8ac68136fb7a2c2b485c4b519acc5b76f8b7cb24a563880e1add439ca5dbf22bc7f2d76efbb48e87067ceb612a140b652d32c650f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e8cde6ab50ffc6269ed6d9b71ba0cf18

SHA1
c54bb487cc5c5ee4d2240dbf17bc7a6a4befbe71

SHA256
78441e6f1a77f46dd8d55a7b53db505cb52f3fb5ddfb5c000344e6714aaeb259

SHA512
42240cb6955939b5aa1665539d3852ac213ded1b05c6cf02fe335f5688d10a2615bb01e50eea6c4c118da2059f6815645b7c652b215d90dc9cd217447c0d3850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
515cc66c88c614acccbe5ee7f487c066

SHA1
cb96c74a0438e6abd2a29068564d00bcfe51806e

SHA256
825c047e07b643503456d68cc22fdf33d64b31331694f5d2f5f1135dcb5b5b5e

SHA512
ce6692f749791c2912b4f6effdb00faeadcc3aef32115f12c649acedc61001af3e990601608ef9219ff7cdaa8d0aa610879f0017fae584c1e03f98404dd02142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c31bbd9b92b240f558b0b667369e996

SHA1
a7c3514c1518f96f102f805d04df657a058d8210

SHA256
6b8eb68f7023fa3c403a49b1014956e292e7ff4680ea153c81dabafd60b7529a

SHA512
65ff670e5c54c3c694ca84ad2f63ab1d7d073debcaffffa3aa534892b71891f9c0a429cc985f59a0ccc9e141c56712258f3fafdc9a6682b9973348c69326d8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4053fcc678f6926d3d885c29b6feabe

SHA1
4b69de6fc6803bd0ddc57fe0ca1e4c86c6ba68fb

SHA256
f26864cb7ac4c6abbb8d5ed4defb6d9382352c980339a14f475fb64ec2732ac4

SHA512
11c6e2f21ecad5a09701aa05c3d14cbe7bf7f41c175627bbdf8b2954b7af744159149b85f0d5deea571b38b79182654473bf1f3e4570c0b16db637fad67fafe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed379ef6541368561df78feadf56c467

SHA1
7120911d240520f05ccfda5262c98c3e608b4144

SHA256
b1c838c196e27f27cd521d181faac55cbb4aef48cebdad66ab249e6df219335d

SHA512
1004377220cf5d51197dbc688e80f9431b9246ff5281a398bf108dbaccbfef41483c6ae12ff07ce4f57b148af344570b6ff5aab213f1909eee0ed7b3e001b627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
80e639b2a8ecdb1a1000313a7390a21c

SHA1
fdfd80da98f86b17e2c919b189ffbc0ab572c3b0

SHA256
9e6de475dfd7cec94e07e1f259ffa1d63032cf2e23413d18330e1c5233a1c2fb

SHA512
b64678c620d58904a63de41774bffaf558c68a9f4d62f15a58cd38c2e504e91eea687fc76e66d0189639413afc8c45db8d1af8198ce46633250ff6e00558222b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
715046fed2fe31bff7df7652f18a14a3

SHA1
366102663a81806e421445cf46e175a5a69db933

SHA256
f5ed24dac0658638f545ae665554499686ee97c20893c2385de8d477ba1a1a9e

SHA512
216e23ae4a8c0219cb35b3dc5dc8ba888625a563d59677203c7d619f261fbd135591432f0b072d2b4cd8e12708a75e3ef5a2fe24363dab9748a5d9f725d93b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ef97199fe0a6971d901d19201839387b

SHA1
2edbb64bb23aa33383ad543dbbb579fd6d596037

SHA256
992f0eabce522883fad93c11eb1b634d4213c748e6693107c9f1e085d0fcaa8f

SHA512
938a0997d35f85a2e3aca904025e5a4dd3827cf79f7653e317de8b66ad161fc3e1f7d96c3e8b28ccc9e47e82c7fb07f872e09b363e6af320fc87b6883f17f19b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
969923e849197b066b91c5766c465d73

SHA1
7b544947a099f94604a34ca872b266ef49fbe893

SHA256
f5c783ce414e2ab3958ce95f9f392022759081a2e5bd5303fb846eeaa6ced2ca

SHA512
0fd8a74ce866aa8afd0ecb43a70a42d756a4da5e2bd3e1651d75fc204ef94daf641ff18c55855b61c600856cbc8ae69280c3848ed38291c392da6cef92688790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
aeb68248910a09a57d9807f83b5f5727

SHA1
90f2919ca34a0fefc533963d60d5269da1505130

SHA256
ed1fa7b943b7c4ac66305ff75b899b67f46735a3b4aa3fa999bc5550c6a606d2

SHA512
17ce73b911507ab6efd0a55c3643c55ed4c3f28ba3ec1ce64d908ac9641dac43da9c81021653d4763a1e1f2707d664cac3e44d86909f91ae1903b9316bdad57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4fff066c96ff7552e0044ea7b00d2ed9

SHA1
4b0c08c2b707a78dc68b74a9fa9b9378d3287677

SHA256
13ed3dd93dd9256e43d06694c975bf19ed38fff6d188266004db74e63171c610

SHA512
c9ede2d4d03604e5232daeadf7a674ed0ed6c0a95e7a791c0383fdb0e8b3aee67bf9a7e9b63c2ea6722fbe3d84c9a9307ed83ae0aa2ad9bfa5ccda479e7b241f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e813587ceac05933c4a8c73465b4315e

SHA1
538820e460db470e491563bebc1533eb0f4bfafc

SHA256
17e6dbe3f42358a4f227fc9dd5a77f8609acbce3e314bcea1b7d184aaecfe3ce

SHA512
6dcea6581c5dd909e58cade9550085f5a81ac97e8db30fbb53a636e630aac85f7c30802fc2c855d009d4078eb69992c8684e7f9f1e6d70a56d17de90dbc41396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
352b7fa42b366fef1f06623f6d8290bd

SHA1
ca0c59f553483997d7c5620feb980689944dc41f

SHA256
b7d040eba178d53cea983a7ae98f1c856c9ffebe9bdcfd2b5fda4a55b0e13a37

SHA512
a637198163449a61174804406329af29ced977be3cb31d2cdb67cdacf64e45c1afae1682f601f919c8b5f4d3cbe274cd65358acb307e332f1c00f5655e34aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6ea0cadf3e7622b26ab234b3f98ad79a

SHA1
5a06121361ebab74f8a6a62b1bdf0b7bc7a6cb99

SHA256
7756d76852c5797f69cfd58cb6f23e9f82f7d7eaacb439573b277be84498b8bd

SHA512
cb4139619f3308716257777123f4839fb0efea1a1545866f90b9fc8ab93d2ade4e813c1f76a9a64b5a05737e31c2d13dbb57a9aebeaf06f10a395ba382aa7518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4ab2ea9addcfd445bd4da7de9897818c

SHA1
6124a5d9301e9a654aa29dd687906275a0bb857c

SHA256
fcfd84b5eb0887f14e4145892fb2baf1d15085349afa8d40cbda3364dc641292

SHA512
03393b542d9f765f1807dd80bbb67444842538ac112770fa6b70dc1a2e3bc1f0e35133fdea41d81a438fb86de3143633cd7297302f4f8d9a2a64bdc78e6b0563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7126ce28115f7727273ce4a9b63889f9

SHA1
e5a1f74835debddbe32d41fbd49860b91244a324

SHA256
8a0c5816107d3b495401d6f6a844893d0177c48104bfab629e001c9ab6ee1595

SHA512
f815599b39af1e8aba1316d11be177f8d3255aec120eef8cfa6513a1251aee33b5982d93a5a1edec157d9d61607d48cfd26a6279229a9b1aebf2313acdc92142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4e7c6442aca0855d81cc5460cb9fec28

SHA1
0fa4537fd6e43c53890626943a543dde51f5b4bd

SHA256
fffc308225261ae264cf8cccc30c8fac64731cdc21938a76e7f1eb84cc461934

SHA512
85ed42502440f86c754a405201ddc2f824d9428a81ded3b6cef4c85784360b01433aecf909e5af029c36490e23a9fb1500e9bd0ca8fa873e8e47ba6da1617461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
34fa698d71c1f993646cd22801b0d590

SHA1
6db2c157c7f6415c0db0b82456f4c21cbaf17f2e

SHA256
b6c5c05f453f35623a8aa577494771da33ff03d97ab83e9d8dd89096229f7684

SHA512
e3470d14679be5b0b48e8f4e35decce74f966cb0ff0d2c66e7f93286c9eb58f1eedec02cfa22b1b49f5f2737e024443530936e14fc2e518f98e30a5e3dafe60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
46e639ba6cd12069ecdc4e0eab1f7183

SHA1
d44a04af5215578581fdea3ab63721a1d2591b3d

SHA256
d3fed7e59604f2df499ca36470f51e64ac598cade8503e6baf0bc3b85bb2671e

SHA512
af8e2aa0a6f4d4fb4a6fcac02f4a3c58ad5153746a4289f8238d331d72fa50b258fd4afdea8cd4bb169936f3477a1445518fed39aa1011c6e12fb31f4e51b6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b48d658bb69beb387697830f4e38a71f

SHA1
df489fd2fe8a10b7a7b73777811d6b8ce2d73836

SHA256
39c032c7848f801dbd97ce4c8e7e7595a060051f22144ecf5a6ae76f5347e376

SHA512
7bb941ac54348559d7c381f464af3a07c4bd64a36a8de8c8c6744890ef9b807887d1aecd85d2e9bcb890f9d1aca3a7a53a81e2f7b9aaf55dedb95a14547b41ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
49a53ba6dcf9a673a24e92ae841ea087

SHA1
e05abd5c8756840b93a574a4a48c0512e440e7cb

SHA256
0936194f6039369f0201d928f435b66a57e0a5d9b000b07b35d05320b7394f78

SHA512
d40b5adac72a9db5c9b336c44993825c0759a8111b39e2c4203f7aac13c010035d9b29a1486def6fccda1672df5b13998c4e7acf730c1f87486d3cbc5334f486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
264cd2e70a5c04c7e004ba20e769247d

SHA1
2136aebde5c93dfb8791da445148dda626603288

SHA256
48b137d292caa2a43b9eefe6ef88cfde87aad92bb6cebf384f42a58bd2a001d9

SHA512
287cdfc65754fc74682fc84926798831cad98e9b6c49398c00b2d09bbf27bfa174ae829c96c8c3f646311aa70c1a9c37d2bf34940017ae7f9dec19c8ba42a5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
12bca18ae66c1050a93c1d6ac0b7b7e6

SHA1
666a6bec32760703ef156e55af5770b80466be54

SHA256
85c4a2018909ba06c7a2fe8a4077d6784e0a4accf36bfdf2dc53099459315ef5

SHA512
2b3c9be4a63a6ae3fb72b4faf29e530963e12f0fa0ec25042a65d480b81914ec8b3189155392cc20598581cdb5b53f4f0da341578df83fbd070bbf58059e5538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
043e516da6e1921fcc5683c94b49f3f8

SHA1
850809ef0469e4e4fd1d9396995c8eda9e62f8ff

SHA256
3fee0027cdb6e52e46c8f9f5f93183112adf45579198002c616437d76774d050

SHA512
a915dd4e8a4d6e02ccfdb6ce685935e534321c753c07cd2f9f4f3ffa5da16eb072ac508e85f90314fdf93cf04263a045f745a0fc18c333265cc6006667d0251a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
487ef83a7785583169c706976b49e13d

SHA1
ff22523465804403ebc3579ba3460e44d054ed34

SHA256
a47c6349fa82f0dcf2fb2875670c30ecc16bdb5903876c7c1cef2d49127bf2e8

SHA512
ddbf3b04d8024b29f150fc5b6853c9369ea110dc1885ec9f027d26d58cf770e7c1a6e11c795ca6f7bf0511d78ad5f66f40b09975d71dde597205df9c07079cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d06f5962622c79bf3d5c8289bbb58245

SHA1
2552d22a901c17d76b7ecee721726f8dbbf3a273

SHA256
858e85183eec77faf71232027e96400070e88ae1a81cc1530517a832cf7bf689

SHA512
7b65abd5f5cf9b9291d5a145ca6f9482acc5fc3111e5862e78965da1b2f10fe6f299e34b5bf0df892d22817e02779677e49bdb74adc859f6f9a05a60a838abd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7f91506b1698aa87bf3bdd9931ef2531

SHA1
1ccdad49d579602fa7fa0e7e4a854d75c51afbeb

SHA256
83cab0fd2fd795ef39f4f6d103fd9003bc98ce2541fab93a3eb1460de0dd3599

SHA512
a6c89d1642fc659c97ca6fdc5615e0a8ff83a0b0d5204e3cfab7729dffda1b741e02071dfe454c6eedd1e1fd82f5850b31d25292a992e6139ae4c47e1da7b56c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
613ba012d915ee870b01d64fc780cb8e

SHA1
995f6c6d8c5dfc1b859eef536750b4680602a15a

SHA256
c92e93cdb3fbec1eae99b1f9bec1bcdd849b2fe9de35e03266f795041989cdde

SHA512
c1de3ed2874e0b24973979f28c994515dced113818d5acfe7444e38c969e957f0e7e8b51c629b60ae420c49e58ec90ea1af6a979c448dbff232ef97a8d31db97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
260e3f8a36ce795547ef4447f4118775

SHA1
e3913ef80368e1c46d663951fad641319e216dd0

SHA256
e30a5099977ec22a416dc934106d1251412726c748ba9355cfba1b38b2239d3d

SHA512
4cd6fdcb80b5a442e563bfd14f37234a2457de017d218afc22af500bd23a1cabd48312e66d1ed55b8a3d1b1f424651a9a47cefd77a58b1f9f67688c2f4e3ff74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6d5d57686c7f4e0c25ffccf5bab7da88

SHA1
3713d3e8afd1af6c0be8a4ca559794c2e09fd68c

SHA256
109d02d63eb5603d145eb2843981c04d0c5d0356e636f9c9deb1d479a900ad94

SHA512
55018eaa8d260a3017c45112b7efe562ff34fab2800de96d8e5e3829544233796f4d09350adc16467d492102a59616a68e440b8616b144fdef2ee8e60cb4ece8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
9034435e8855c2e96fef71960fb71273

SHA1
ae1edb420fab9dc55708277c68d27ec58a93281c

SHA256
4a093a6986879b367027ed3a1fd5d2a53feb98f4d30b5392c0b0693cdc6feeec

SHA512
85e69b14da04d6f50de4a3a4edbea2953a2affe3466e4c115a3aff64998793a7caf12ff8a12ab07341c9e1b40a08fd947fcc46954cdd106d34974ebd96759551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
98ef9c6bf00b3045ac50d3de5c132bbe

SHA1
6711c67ef29f64d830938c5f82f7a37b6b719cd6

SHA256
d0131468860ac0d8dc55d2b61e180d750315e63030069002ac45a615b5879dbd

SHA512
871f93d72b1c178d2d98315ae279fe557ba5ee7e216a475306d14ee3c9e008b9c484c2836450a1e5d7f32899ea2103b5c42bd1b3cb0204f2b24381fb9935ce75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
7457beed5ca21e9043fb3b8f59cdfbb0

SHA1
a90304093c0d7529aa43daf9157779dfc4b7d17b

SHA256
8d98f5360ba72cc3daf52cc0e8733aff31c2a44cc5357bb2d05620ec4b098f7d

SHA512
563705d84367db1d789af59827130289a6b9b06f555e4a4d55e94145644ffe40ea721cf2fa080b869ac1d52beadcbddda2a130b8d069bc88eb0497ba4313aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
f948b0e94897716788582c94bd044dd0

SHA1
980d6a1197da3a5612278584478e9e3d341bd7ec

SHA256
1293ce6026b117e0564c9c0ee9a3c874019ff85c9b5ee0620e6ce99d2662f49d

SHA512
e6f4fd17a9d0f312efb3aeaff5488e82add916c407fe034206b508b80bc73afcb60db3184192c295c6199775c5c08b3416fb2f4637d9bac0305fb80717e169b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
c31013bb12b4a89f69d4b0ca0345000d

SHA1
48f4aba125eb90cf105d8d41fe3fb8e88cdb3fbe

SHA256
7a82bea9dc51f7508a05d574b67514b8c377143f8b0f8880bcdc606a40643462

SHA512
55e7168527ea540dd5e6ec6a2eae2eb205d15f77a07e72a1d13de700fc0bf18ef274631993d36bd767211766f7a1e2a4618e2246ebace3e331e1cc691a72a801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7a0fd7993cb96d81a02a9734010afa74

SHA1
8310f6a9dfdc17a97a949e6f30d95fd7db56bffb

SHA256
0a57d9dd3e4844b8cc698f8f749192ec556ffe1fe808ffe1b76a62f9f26ea33e

SHA512
ef9854b707dc75eb3957563562d727c9d14a853aabe9a9f81b6f0f05990efe22af7ab5b5d0ddcc1e26034cbf9fa3a771bd8dc47ff3898b6b21e9214589d7232a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
06f18a8b14cb7792b8a4518598fabc06

SHA1
2b26549be69c8f3ddb5d91fdf7520d6a04e9db6e

SHA256
f50dfc0a2e7b5f68d2417c430d122c61424a19197899fe30ae928720a5e7d52c

SHA512
c25657aa3e9fb77259ba11a09a8b5640c4b4be80333e3335100be26b936afa500c62a50a70efc03b702ee917d8a7a9e47eb16a5fedc6a5a21a48282d1dbd6c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e7b13019a16437cde656c453cb4d42cb

SHA1
c625de6ebf911ec562456c288f440a7fc5c3c828

SHA256
f1563e7b4c84e64d08625d1035bd3cff2c812bbd7742f84ec153d53c2fa420e9

SHA512
c0df27873435c68f62ad92b327eedc86defc205fe2ea9b32d8f807d59ecfbea26818812248a0dfe06bf764ce5ddfcc112b678a964f3ccdec51b96bfb044b743e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a97cc835ebee20611f35977c4c799542

SHA1
7ac40de1d79359d2844128b68d18f9165d5494f8

SHA256
05553638e0728598f5132c476880a2108785a57def14bbdd3f247e9e717ba02b

SHA512
79c25547720f3e1b00bc25ccb5a146ac1274504d3aac8506365cfd1d6e2b78acaa6dfa39b0d236b2f3f8a2dae5b1b6b1ecdade9c2d5add893a518471604c624f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e7dd8a28e16fdd726d5ecb70276f1e6a

SHA1
81af911eb11c5b2782e0e2f045b8402e11d5d473

SHA256
ebaa23a5053956d6a9dfb9173639f514ea2b6dce90e62ad7373fd0a0c3b62d31

SHA512
33c1592bd12ce8d88c3dcc46e9e723f1e7d4affd34a689f8baedde3fa32390d25bb6f4a906ce87691607ca91d81e42ab93d34bc7ea253f1adb533ac16c3d1c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e2b48c105d5a4c3e3f588867c053f55b

SHA1
6da937354deef7dd1fdc1d3bfa873567c969a85b

SHA256
706e50d5513e662841e6556c4daddca0aef03767601052feb6dc979c24e151cc

SHA512
dace71d7dca0e66f45f7e7662f010960dbde1919d18ad7ff99077512fb257f6acc33c2cb4e8bcb3a84f2bca0f10072692a7dc04367f338cecc7b59a2d1394f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
04630fa406af99b063095b33eed17339

SHA1
00af701b11cffee8f5a93b12aa442a5278dd5492

SHA256
c562e34365853b5220eaa0b859a09554715bfa85d9dab50eeda8b494fb2cc53e

SHA512
c904408a8d6b8d5da4f6c05388869093b648a0c194aaa664c7aa5656c625838ecab1f5e7671eda48fecec15e091bd05686cc8debb115cb0d7d3e7d4c5bcc4b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
5b7edb6f1b8cf607465dfd2b44c0c7af

SHA1
a141e4da0aa8ad4a22b3d07291116c0d013a7e07

SHA256
3690e5f43cc3df78a1f0fa06f5a29acc81d90299569a4c7feae20d9eb1340a10

SHA512
27cd09d9702bced44d6319b2210ca819482edbcd053db0fc004ee98fe276b04635c0a75b94f9fc3396b34b7cb0a62e3cc0faea99f1ca0db4161a571d06f48f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
147260147ac70770b7b8bb80689007bc

SHA1
0b6faf093aa674fac1b02d2119411af0e5eb4e77

SHA256
5b912e2af0743c712b4ce83a001acf73af15d8602b3d90c166986ab5a3b188bc

SHA512
3ace0b0f946959613ffa9f5a7fcebd64d73e6c2decb7dfc5156b40a5a2ff172f60b664a812fcee0c85633615f847470c7b62113761a9b43ca58914d570776389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
e1d40acbb05d033e7b4010ae5b2f17cd

SHA1
2a2a394205e740f329ae0291c9044ea43d2447c5

SHA256
ed6b63a3e6413ed31bd614510521ce5b5f2053d628c661c03e5b66c107bb371e

SHA512
2cf713522dcf402ec2fe4ad797ab791b8298c49f680840acf73ca326694251eb5d924614c59b72931cdcc029bfa17025f66c826a752a03d9a01e61a8737695a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
2ae45873e2b6f1e4cfb9a545ae7ffa68

SHA1
ab321b9fc9c9c6568c89640babcdc82c873055b1

SHA256
f7367fe1be29e202efe119f7753203711a9fec51329d2e8b2fcb50f7e4204c70

SHA512
edacb280641190cf9ae5c11c85a9dfa8277d999339298183d8af64a6c58851d901fa836902789f46f806ab9858317e7dfcfcb3cecb8299ace7d1ab07bee22711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
73486a765634fa3c26ac4da345f47b53

SHA1
0266df0f0843247ca979f2b03db781591be33bdb

SHA256
9702c6317290129c338f3767b4daa832420b946281107810fbb7e16a3ed5b63e

SHA512
d28c900340c7246717faf1397f7860846db4af898a24844cc8b471028b6303b3a58acd1b9f60e5239abd4bd48e767befcbfdbd4994c3daa2c442022d9664a72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8f83159f05e027fb8bb1943af7eae486

SHA1
3d83fa770f3bab0d7c73e760b31cea64b9430e40

SHA256
281cd67c7479b5cc02fd122b2b2543f9078bb8397551ebed04441fd113455f99

SHA512
fb6f70784a9afa41376060550d53c9c0157c84c6d5a48afde55865b8ccd7595ec2a889daf0c8e6cd1b50ffa2ec83f5b6af76bd9c5e61fafb033f282618c05c39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
473084e8c549a7288d5d41a8c5c3c16b

SHA1
8dfa1b2beb971ff71e8e088fd0be5432337e59d7

SHA256
e92dfd2402422d230a194167f2423590cec6c2eab29a4c42bfc5473586ff4053

SHA512
b5efea6170b2b1950bed5789bb9d747b5d47bafaa301fbe7f4f3b9dec52a6ec762204af4a8e610c49a107e08007eea2c1bcd6f229c13d4c5de1cc0d0a8b4e32a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
31d85b2603e977f30e22ffd80400e5d9

SHA1
7a683f463420d5a2234cfbdb756327012365ec5b

SHA256
df5a1811511bcc58e3b84a1834663c753e90a5f0a4cfa26563fc20f23eedc335

SHA512
4ad1a70ca63c1a37e6d9b30ccfaf8fb50b320ee889aaacb9f9ef36d0a8725916cfb62a7f4db9bec5c497eb4f2afc4d4ba07abaa7b825a1a7b8d01c01afd71663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
256f8a630f3c7ed50d2174c792d820bf

SHA1
735501906c532ff763513e6a193ba77e27506d1d

SHA256
80b7e2814e40fbfe29265a7465f803c456dee280452e197f55c4e98aed30d6d7

SHA512
f70f6eee491bb399522dc0ff64fca5faf58f1085bdbcf0417bc42e0fbac8e3a2fdea746d2eb1a00a727dd2edfce2c8c38907f6a25e4fc7ab33f1593b8616f6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
960ed8fa77baf8b899693e77e320f439

SHA1
985d41e28dda0e510070ec46aa8fa1144e9347e5

SHA256
db93fee634d10e3b5569981ae47890d7bfa99d9f40c637ba1da722401770e141

SHA512
94aa144c0606f47d4f83aa25ba0e7e3a6048c033c1b63666c3e8e9acd918fc6c1590468c9b6aab9d5cc267286beef6c12d892fda8d3f782da07e012a0418651e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13372318386757126

Filesize
9KB

MD5
9736376f1460900edb38ff0844fef498

SHA1
335a93bd51c5db7369185693747027c118227bdc

SHA256
435a2bc32e56d2a200c1e1dfe79993295b65f34c57c9343938ce1618e602890f

SHA512
f9f1696394be183c1d2453ec896390c3a48f37543b17291034ddd612f9ae1d27f1f87099deb425d8a486f73c72dd1868498b227e297f824004da4640c51cf17e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13372318387020126

Filesize
2KB

MD5
283a118875a4e9f44a8efb4bab7269ca

SHA1
bad413b9646abaa664d6379d7523bb42d6d4de38

SHA256
1d8d78ef519aac0a259e2da1fc073d4b40fd26d216cf2c281a89e7f03ddba4dc

SHA512
5b427b03bd8a53ed625c6e63d1962255c69e961682fd43672895c13fd61d2be831656614c865f89c2592b5252f27072899d8e2f04fee758bbed6f1e8e6944170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13372318679638647

Filesize
15KB

MD5
47e459f8358eb67c60c3e6583690ab37

SHA1
c0377a75acf6f25b2ded496a243804049db92f08

SHA256
679cd081b26dd4499f2030f253167b5aa6437c1c5586bfce0ef11bb617587130

SHA512
caee32d46924a1d8b7ede9bffdff4539fd7a298a837d9fc00c6b5a2390d1e8aa9fa82a1ee48507724d55b88bae5e02d110a25addcd8ad4c581a4fa6c193a4e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e7e203abc23a813dc78934c93d223552

SHA1
c0fc12aff9d651b4f460704cdbc4fef5d49cb759

SHA256
cc1ccf991f9251b51e5225f062b4947d2eddc56fc72e9f29f0160e8260808419

SHA512
2c653d3d2996f28416c1b55a9253eab715c3e65274a0aabbb2a365fc8262102893f0cddc4ca8554b46e1d3d729391c660b338b44412565d2423128cf0ecab0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
df540c9cc0b7b329181132b40fa51b2c

SHA1
d40a2d1a7ae51b16384753f74cfbd8440c41fd81

SHA256
6f77907b40e0350df30209b636f58479a889a7d9948a3454b1e2544f7931bdb4

SHA512
86c8ad853d85642033089bbbb23cf6533ca685eb4f75185c871b7182d8f621e269563a95e93b736ba78a04c1d0250f3eb16fdd01508018183587a66629ec1896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c31c06f10082299822035a68ab0195a4

SHA1
d85cbcb581b37752f5b57050e6421acc3e41bf38

SHA256
f96d78313fdeb04574fea81f93892397a9fe64cb8bc3b57bfbd19e17a4c4ae00

SHA512
04e56319c0451a013a1d29b299b20c39adc320ac078cf9eee3b42872c19642e921c44845ea9fb82fcf38a6830d68da0fc6f6068b9e6b42a75ead26955409c572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
617d480bc766da76adc60ccbf495462c

SHA1
d1f5cbd8f67bda662bc10169fa3d3a13736d0095

SHA256
58b37e2a49fac0d43fbfcc79c8ad35fda3e642f1cf3b76a3ef57d9d0f29c4495

SHA512
bc3e02118df64d2664b1007dd0e2ebdd4b4bac65d95166c23e40d1c6d09e6877877a8442d8ab458303f5be776edf19b351b22fd9627b8cea62d06ad5340f9dda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eb51e0628c3ce342a6d77ab77b10d05a

SHA1
bd19bc9e431173fd7fa6c9c07fb858477956b419

SHA256
a44b7c062e5ede32f61ff56144aed48518fce2da8a7032003162cda454192543

SHA512
a0306564ec1f2c600429f0bfcec420b96a89f22e163d32c293d81ac145029d59dba239f5e899fc4c7c161b7d7df4b320eaa5d1f597657d7111ecf280c682df19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04ac39e424df9cd9d909357a8a131731

SHA1
a4735104fcccaf48c30a57530ab84a926ad22333

SHA256
182a38bdd4cefc06f535503b455943ff00b8b02f3801e717cbe2e37f11aaffe3

SHA512
1b196fcc1e3273edf5a7d8d24e85b867296477c0bed6b1c8e92ae3acf82602601d3d89e6d8a87c441180a3fc4e8d70ed5f8e3850bd731d8eea27ea32b7731ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f0217588ae84378804d5c708fc390ee5

SHA1
ab4b151a048edfe4931a123ad3a7db11d47fc249

SHA256
8c02ea9852e72d1752a55385bf6e04d9e34e2161cb81845d3dbbd2d30db446a5

SHA512
d192038e095fa2a44499a6cefaf983c8298de2af5c0bed726861eb40bf40e37b620a67cd1184e2203e8ab4658dd575fbdba608af04ba2a63dfd8ab96d51405ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
be920fe680baf887ea9022f541155753

SHA1
468bc6f890787c11eab0a7fd6ad3b6c0b64b3638

SHA256
a5fdb14beda9ee7b2f30e68878284791f7885b5c04938afd26762f8901627e37

SHA512
0c2e5d930416699d91a86439cb5d90d83c5c6a9305ee2cc54ddd432560d569b65435aa23da18699eaf1009e015fb7e798f8ed4d31ab51f7ff7fca7b474b51431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
9aca33b90341357227152bd8dfc2c0ca

SHA1
bf3bfd8a7d3a7c9f9136a56ef3072516bac09319

SHA256
c94ef0fab6ccffbe095f01d5c65073f0c7c7f52d7bd2828cf16df1a43ae3c2d0

SHA512
e2e78daac558e1629ecefce16309e06972c4b93df37fdf695ee177c7ef5da9d1f072b01d5e268ae976f2235121ccdd554dc608eccc43f5f2afdda8f76c3e041e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af5393aa-993f-4077-9913-8d49581b8832.tmp

Filesize
6KB

MD5
b2a10f9c78571a4b5a995c7ec73f2cb8

SHA1
91af283cfd8b2e53d4c365ed0d963763a6128415

SHA256
83b0fa1ee6ecf63c4348e582b31afce888dc1c53814c57a791cadd261523556e

SHA512
af4a3b92cc08a125ae5b9a99539146e38be78f17eccf2c780af62d99054d938d5f8986017328061933b00aeea8bc8859e339680ddef6f8f050ee004175d7d1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
f663a3da8151f22801b34ee046608052

SHA1
4d0c5fb995d862c7758c5d5683a3d307194ecbeb

SHA256
6cf760949724e0f1fb0bfba54b28417f1453795d9a02f455bc0d723aac3dcb85

SHA512
6ae91c1b6b4ac9f7b265880a0b08e57cb0ded40b899abe0a0c737fdbe42fe2229ae5aa96c3a733167bce2d4892d838416278ea5f1ec39f49db0a7c95107928d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
0126eadfeedd5138385e0195b67ce1aa

SHA1
aaa987c87628e725c4804531081e7b62bb6b43c2

SHA256
1c08533663144e3f8251d8c5b2753f19002660cbdf1b23614296a1543769eb1a

SHA512
024e86f82eaa62bf6db5df990de8d48496f14c37c12f005a27eb458061690611717a6c8f23ca0e6e6a4061830d2ba7ef5325d8a7b04cdf72fbb689eab74e71a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
53380b6a9f4cc8714feb4dfe790ac9e0

SHA1
b8c63adc42d40d8d8ea70a75c042750bbb41e2f0

SHA256
6df3180291394f17c4ba0029f710d14cca904271a4389676b16875b8c013c071

SHA512
667bab0dc9401633bdfe077aa57623ebbd3384224a84bdc21e76b9bbc8a3260c40178790f37c213054babd51c432f5b02b963f1a0f9cd2ae890a98e5b757b828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
2c9001964369d861f7bf8e176fd3fa5a

SHA1
304782ac8969619a6c007e6202ec95d18a2638b5

SHA256
9cdb3367b81afbc4dba052add893ce51f06d92dedbd4dd0bd9ae500e503e3cf3

SHA512
948ecb473ab081b3f4d3e94f93829da25c3fc2cfd192b50b0e8b58a2bd8eef16f35c8afc71f333c9cedd01695ea49bd4a3419fbacdf02a5f2749d1a4710d57b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
dd6134849039cc29b12f4317368ff0e0

SHA1
6f08ec082b9e13af4d174e271678ce96f34a9409

SHA256
833d1f13a4c38a9bf3bf8f9493b97a14b4d7f9f2e5af68fe881309c98b783e3c

SHA512
5a0429e24597444d9536be157961efc95ac48c9cafa82751d041c2ad7c5d753794a83883536ae1e99916ecbf78fd6e0fa9056f21400425707ca236089425870c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
8b1269ca0d6561c40fd7df7a11c078ec

SHA1
5addb0ca46d7b1c4a8fc18ec64872e5927dae1ce

SHA256
2159591fa848e1afe7e233850149c0a2c7e69c8d8035c2611ce669793173e7c9

SHA512
0e81d3524c39f0134b2920f8b8d784ca37a9d2ebc950346891b45ed422155ef06ce6b7dffd346d7ac2185b79ad5a0c128131291e51a09dfe4b4f2e8a9ba919fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
645920c57137ecb9c4ccefe7fbf8bf74

SHA1
455ac44fec674a49e234a4036ee97e214ee510a2

SHA256
509f26533a06528dcbfc567c09663c6382a4287a4fcb7d56c570fc0405e2f47c

SHA512
1c0c615f113a062967f8ca27eb3d3aedb03ca36c976ffd085db33e9f493fa1ce48a347977b05ea0e0ecf8a463507f8a4a9994dfb73513c480bd4c991c601079e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
577ca12e606df4457eaacd2ae9f316ed

SHA1
6deadc1210c1cecd311c787ee6f2b62c773103c8

SHA256
93bda62e3b0528667dd7c83f24eac367840819be285696482b25aad7eafce01d

SHA512
1f71835a062d4b69b8b6d129afc0b05cc4227007e373bec4bbb4ab15689d70d7fe37eea714ef3dd3e0542e5711acdbdc8d9e5a4816f69db42c2194ae038e5566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
1e7539a81a237586a3466119037e4294

SHA1
c234493c58e17a3a69501ef75f3d24bffe6c8f61

SHA256
4661fdc1429b56d694af89a181c008667dc76d28ae3622a1284c443c9948a8e2

SHA512
79762e6289ee2a5269419802501005a625283b930b9c56d71981b928ac4ba62936b6056363fd121d803f36d43318a8163db6f9d07ca638a15938a0e30a4e2ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
94d14799a827b40f697e6d020ca4a3fd

SHA1
979565d252d320b32320bbbadd0dde85791ff54b

SHA256
5609302c222a08f8bc265e50333ed98c6721358ef4887d4a7ded5f644878d198

SHA512
e157a90336b6a7742a2259c50748f266c5724583e771013e98e664dd4dba2c9d0703ebb24d2057c074e5f77ba8979cab3f9f0d8426070538bae704dcff03fcd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1acf2ebc86eed66b70e81f196aec40c6

SHA1
21dbbea239ba2b176d96c0b29124260c9e76dda4

SHA256
e89c37d22935240096eaf133de8695412414a29e4d2ccffc75c3157f8fd60cb2

SHA512
df403fb7c542da28f0d64e7e7f8cb340d5dee9ac4f6a825e29281b66844135e5aeb78c79fc15c39e75db11c077250a6ffac6221d1724130baf9b2e5ba8c53fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
ccd320de7cf7df19c8058d191ea419b0

SHA1
eb30df5bbd6c51f3dc890119ab3c493b95b498fe

SHA256
975f238b3f4f6a253c16e75ac5e9d08b2fac72171d5ddcd71f3c983f53bfc500

SHA512
7b1f02ad177e1d3ac36c739893c77881e31b0e25a6ad1579a3b72f9541fdcc4caea45cb80c7bafaeb3545ca590c2f66b28d0f87b7c40ff3b8944e14f13751a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4995fd96045f14261a9caedad364f41

SHA1
dbe3b3b3a903200a0820ec8db5cfc2ffe6685735

SHA256
bbae8f1977f7b844c9308975b349e3c21b19b4bb19fb2e89fcf98a596d05745c

SHA512
ffc99a0fa04e2ba1b0e7d94b358862b499d1b1288d4754fb78a46906bc02a44827f38f5465f0aaadac85d53837fc39301b2980559095a8807483ea5c7ef29848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dff267c04a60f5a0948453a3fc1c0683

SHA1
bb13475ec80e3d1889f0fd2b594da33c543282c1

SHA256
21ba8db2da946bae4341f7cc2ba335f59a6923590776883e974a0fad57a8a866

SHA512
e7b24609d09553ce790b13b2d695d1962b13c1c17fb8c8cc05a8ad3143efcc14d6730379d05fd6ef0a594e64a7cfa607499e3d3671755f8a62c6179d3cdebddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e0b631488a98b6567c367e37003e5f0

SHA1
3cdbe0665b73aadba3a44a05343f6c418e2caea3

SHA256
1e8938e364a70ee4c86de96a9ac95d268b79bd2b1e4d2f9eda5937c3b6469f39

SHA512
7a743403852e9cb897e702b43a8d8b9227296e3c26d2e17786afd1094e03d303133ac10aaccd3f71c8fb0de0d117907900df5fbc25d71ed6765bd55414e2710b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
881c285ff26c6f60d7ff8127682267e5

SHA1
6a743699e922278b4f8f05c16f95d106b58ba257

SHA256
0bd43fbcb7f671cc2a31bac45f264b350ca7a7d8b576e0f5380a46c17fc855ce

SHA512
a2e4354e5e376eb6e0b9e1d069490e6106ee675e33a6d001bdef94d823b8d3047362c47fba38251a5afeed76c4f698d7af312de6863fe18d2db92b36f83600f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7dab9e0cff4b3cd5a60f670762de5274

SHA1
ac1876910bb0f17dbeb5cb65f4242a32ae0a0bf5

SHA256
dff90780671650d7a695f343db54fdd4c27c950d38d5c8e8709bfbab05618080

SHA512
1f91d9e39201a9fdb01812952bdf112666dd774eb016158ee8cc7d0c43b4b890c6c2aaa6bb2c1d7e6bd5f50738f06fd00a2ffca8a59252c2f676af40036e71e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ea056b57af3875041570df7cd4f39c5

SHA1
65b57dfff785c18dfe90def57bb2d1ff0ba83e83

SHA256
c0fe2cc86a5c3bb68c74c89418fed5a5d94dd79f3feaa873199e023ba8f039c1

SHA512
2e2a7f24408671ce44d2f53c0bb75472147a4a195e57fe2b4b4cef2f592d36dd30a891c74684245b87e6967143ff25b6135515220c27931e40fceb4ae04197b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d997d974b9fc296a2fda7a4b702a292a

SHA1
4b8a59fca09c8db37b18a4f7f697907f0cf25d6f

SHA256
3e7b836ba5a32d8861908c672fec20dcbe16b3728f32e51eed08556c5c2b998e

SHA512
6ce86a90f19ce39602f9f5b2e4cd4d3fa6b6d1e711fe768eb81fa0b5e1cd6bd32f9ad793700d4acc027cf8b426bce29c6fa1a448474d856929e53b3fb827cd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03fa6125039016c4ae8f9fb3cc4fe4d8

SHA1
5e205edf87fa204d8e6d59e7e9f56b7fffa7a421

SHA256
bf58161274d32747ab6ef8f709bbdf93f3cc5d20551a89dd5dab9c2250150cc5

SHA512
db8f9ff43f8b799b93e946c8d74ce124a6bbf4e09bb90540df6a29575aa6a209ce408ecb6d12ce0c6fe9abb7bbbcb2d68e5b661cdb77e6bffd9b9b6232a78a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90f97199ddb628e8145dc11b93dbe738

SHA1
00741cffd9526f1236aeb3c8ea7a2e3b82180827

SHA256
0659eef9ed4362385aae1a7fb23b3177a94996d08f068ac46c12f094bd2175c9

SHA512
24af3817cdf9fd80a1ab8c46bafa53f3baa062b7452b6e9440b6706a098b587e21b120fc17c3ce011e4b5ada78ade6f2ac3db700688e1fada925ee7601cdb3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f01d75d768ddd883d1d6c311422a64f1

SHA1
28679e6fda23e01678f98d474131d9a43d2a3767

SHA256
3646fa2a0a946421e187acfd9eb1346369e0f2bb5ebd48e136d047e95454322a

SHA512
99c561fdac9babc6e0d6b97c86e49db46be75c8f5af108a94a442f026f94e79b3de6562926b66e68a2f7641a28ffac53e5593304635e8ca4a2e2958adc67cecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
501286f08981212576d4354976042602

SHA1
4ca897e932e0f56580390c9608fa4a64ad8b82cb

SHA256
5f69adfb2009f4f3b696697842314b52747adece3f59e6e5341fd11a274e5481

SHA512
4f5fca3218409f5dde68ff3c8bdba454def305d57490e08d306d9a7b9b33de4092f956a0c07c771c8d4ceaf7da29b105ae3f6d017a5f22372490de06859d289d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
670d97ea7af906e492fc50fa28954503

SHA1
360cdf161df387278250df7e4d9edcb75c0d7ce8

SHA256
36d1e3bea95831928e501a1d5775bc909f4f786b839078e8b40ebc4392101bd5

SHA512
d16abcf80b1285c67d71ededfbedff16cb6a7b01397c40b5737608fb3fd775d08a658f6cc81ff5f09970191a9921a0c72225df5024f7363723db48b75311be14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eff360e56ece9c45bb433341461b8bb8

SHA1
fb8b3d2f64fd338e1ca41942ad694bbc3a5d0d2f

SHA256
795b929a04f575739a1cd6f0b4dc274d49e607c9170c0d56bd2914e525c1f920

SHA512
be76b314cfa1fce7ac0f00f39bb13ca28279d566e25a39c742867bd38ea893e0cfd7fbdb49fa54aeea988bf097d34c628b6254ed81409bd91abe4a1829aafba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a46bee2715a45253991c62c35930cb1d

SHA1
ed08c3c559fc50f277b9df0e86f2899ced9288fe

SHA256
2725b4004385ca27b70eecc1ec303e6e984101de43f549d6d2e14b79df42f42f

SHA512
c43fb936cde0177c614a28a4a8ad6159c97cfae4452518fa8d8ce54af6937161f0a04a86148a964b4ba11433081f64959d7b1153dac83ed772f374f443ba46a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6dea451af934de363ce43fc04d60419c

SHA1
dbd07a8b471ba8467b46fd42411aa5f25cb263ff

SHA256
3fa3c8d862c811ad0c92c9fdb0a2532c29d966ebbe3ccc23f6a76127add7815a

SHA512
06e8c1dc841eeb221cb97d2256e939dd9e41c89c6b496f0aa27e8032e58276676b0e0b6d53e3cb83d6a2144e81f4aebda20e333b3760c9485bed4ed757fb1699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05f3a956931511e01415ad76fd2fb021

SHA1
5f9e29eddd20cb2679a1c0fcffe958c2e760091a

SHA256
6348f134158405d2c64225a37118fd5e8537b9389d51ccdaa241e91f308be55f

SHA512
18e50daad8edf1ee4947141155da1f87976a9616e7ebb5f40cba331f5537f4ca23c530c809b5e67f0f4bdbd04535f5539a5371c9cbf523bcad4c1378ef6bada5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbac5c67e8a3f885201bb1b7628a6751

SHA1
866fb617362af6d92788d137ee223a4074b74ae1

SHA256
1425cce0faa895d84e6c6aea5c514c07d576a69279f0d5c2277834a6d0632051

SHA512
cf78ae951490f813481bf6616d54fd4e171524c15af0990ffd69702a617f4c0b78a075d2ec9cdbe6f2c775e675b13d91657ecf0a8951f16b7254bcaf320e0831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f97ce5e2fa191d1df407421d8f4e4f9

SHA1
9c9ec2d4f4d41b13fc1d1e6ab4872a24c7b7c5f4

SHA256
9f017f3b5325c282a628abb123a0d42711231536a32550bf861aaa9cec647047

SHA512
6649aa0147b7cf6f98d2680af4e3531f662142c8383a68955cb3f5d7e2b2fb0c73a21383eb1a1a0ff4a72559914c75792f7c110417618281b381c8709f3859e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dfa11485ed4e076d13db16fd6c7f02c5

SHA1
1afdfa692f9a5cfce7c170f646fbb135ecf6d1e7

SHA256
b984926d3c63f2cbef73d05768b045e22478343dcca66fdf690e7009fcda09c3

SHA512
ce43eb2394cf9df4061e536f89051d6f45695890b93ac5179ea33a48983fbad962bbe32d818d7508109c1403203260416e195ec08c8a7ab8e3c1f215a125fd48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c83279cdd6be8c630102353598fe2d3

SHA1
ef8175a420df6fa67bd51679b60268e7ff1c4fd2

SHA256
5d4daabe3b40d12164727bda3e3fc684458a135d927dab103825badc925837a4

SHA512
9730e61e43245cb966aaace2d550abcd6d9244c1d8b25fcf46877b2765f806df65ff75661eebc9a4e6e94bea4fbec8b4856ccd7dcdbe547a98b2d466dbb960de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
911df3d9c2be957bfaea84388ae566e2

SHA1
ca83157c8ee5edfd82c9e8283c420014e3d16fbc

SHA256
e6015fc325663190b22e1946a1433184f9a717218c59d6dc973844c1ba463882

SHA512
cb7f7121eb95d7a358848a0574eb48b3461d721a7599383bb03328ba32667a01f5b6eff92337eee52710858ef182b238f72b8531c156ed831ec1faa58f37759e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac785c604f3fd8c6d858fe3a2b85bc5c

SHA1
8e2cae6f54b3b202d79bb11828badaf82725ac76

SHA256
e239f486d1da7b78dff8a2157da134a750dea1e33f54244797d6ff4611e4609d

SHA512
d43ef7080e3ea882127dbfdd5b5c713ace701eab2ceaff9b3c219a3b2aa645d3dc50b71ff54e6d3faa260594d697c3214dec6caa2c3a453eb4a801ffb16f5e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb6894a5f4f4248ec2b52e32e753b04d

SHA1
ae8b6fa0c667c2a2e49e6bf4b7d00c3d78f92dda

SHA256
ef14f4263f8b6007ce1b2ce90f4e812401880dc3609c8523b969caa7f4d874da

SHA512
6109f2016fa06343991c1dd68661eb34411061cf64aafdf109044ae4e9a854bf508c1bbf27a7b1c1593c4f1390f8b9833cc4d0bf269e05bd03447984ac666596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e54b7244b68e32aacb897d25af9fd027

SHA1
46d88d9d06b69aa3cf20c3431e65b00f29d01e02

SHA256
e6f2d74b4cc50bb17ef490de36d9faa9944dd30640914021859a7bd4b0a1a1fb

SHA512
0b7cc4f615bd880b82309b6ea8f9b742e0b508003d8ed5b12e419737bef86df6653c4fc052a3648e094cbc1d03bb3e10b3274fb5c5a72f2c4458e92cefca9b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb1d0f5b438665d236e200b9b3989774

SHA1
65b1695fccf0f423f9fa58201d2f8e7f8037605f

SHA256
f417ede9b3e72851da377f95fc29321085dadd5a11ab201e6b8478a770dbb42e

SHA512
f1b361cabbf7d3f9f922743b21ac013b773982f9e83e13aa067906c9a693c78e1b07bbb51785e90c621972aa9734824ec4c18fec85ce94f4dcb20c873af0aecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd317242df200b9cde98f2bad6d2ee19

SHA1
fc038f2989072cb6dd24471c0d13ed0b859fe299

SHA256
0570bc820e143fc20a5625716d45539e05c4f5b39982566384b6dcb5a318e181

SHA512
2f0a04a01c65a578f6f58e051323487b1f670d37e64ea7f6f5fe858fe890d17c91fd0074667be877e38387a83ff6155ca95de4c7f42a33bc330f3959f0718e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb7478a1a902ece60ed843576e295a5c

SHA1
921335af19cf35fb2f52ccb2ae2c70d599fe92b4

SHA256
81724f1ab62d91bf142e99ad9c0a049ca5f9f4f8910b1262aa469d77818466f9

SHA512
ea15f4b6449dec24cf997916ca38c09efa8d8f63498a8886cc0aa8d7a1985faac406478c62bbc0318034459c021034f09ddc549ab4d9d3a7099228baafef29b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70b5541e313d9fafe34ddfbdfc03ee5f

SHA1
4020e13170e6efeabf02ce2f7afe7ea3143dad09

SHA256
91240a597ed050c0912e6fb275cf0ead7e90b0142c04243468feb51f092d3e8b

SHA512
1e5d736c224961d9a40f49564979f4de34496dbf720b213c1a52f1ba892079e4533fce423b41440b0f59ab1dfdccfb7cc89f7907c536d2efe41055cb3f3c3d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95078791448155fa4a2f25d317d92da7

SHA1
9dd296fa5c2ce7e702ab5b0d9b11acd66cb4b868

SHA256
0ac8930235ea209f4729fee4a020eefcccb034c54f4a88bf51ec761d246f396b

SHA512
9600d02339f161ffbc745e1d319d424b9ef665bfb1eddddcfb5205b375c08d7c1994288ddb7ba01ed909ccb7267ccd48e53e0c3607fd7324267123e486bf3741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
274583a65fe6b9b9874eb891eb0acf17

SHA1
19c068ea4adbdf7bfe8729c603dcf8ba9249dac5

SHA256
817f4787ab03c4377decd864c064ec156a0b3f5dffdc70795908d37a81a556bb

SHA512
249d4ec5e10f0d61965d6ec6da27c0e620b362cae669f92fb203a06e4c0613dc57ce9c623fd4a19deb83cd0a9e5c6b2c7c10b33dd4f8c7e519db5fcca9758286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c69f986aa3db5202163a9b4e60b80f18

SHA1
505323b6be577bce2359d88b716bc29342ef69d6

SHA256
ca3e78b9a340c4fcf81a11a76d05a4a95bbada8b755d786416600a88be41633c

SHA512
6f671e2626a4adf35bcc748649e82ca244506ec0eb8c7b2f02eb95a8147410c5ede25566abb3987a941bc869d2b1bb0781ffdb0af4626cd3252174918d43a6a7

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/4972-891-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-881-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-887-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-886-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-885-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-888-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-889-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-890-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-879-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download
memory/4972-880-0x0000000005470000-0x0000000005471000-memory.dmp

Filesize
4KB

Download