7258b1e0eb97c2c03d92611a52bb35831803c6b389801f11819489fc045ead3b

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

turbo Buffering.exe
Size

220KB
MD5

161172836daa5c7b8db9532ae3201292
SHA1

93cab7d751276032e8978f6d0b78c85d20a059c8
SHA256

75049999c82a9c24fc7c9f5ef89f179ee7bb67561b35fea88a1e6b888fdd8060
SHA512

f2622af4e68bce2760fcba6303883fc7e692d605d931cf50e64875ce4695d84bb4f8ab809d4c6f329ba99fb12d078c91f8fa35d46baa346b8d85b52cfd069311
SSDEEP

6144:Sz+92mhAMJ/cPl3iTWZIukRkPkZYWLjpP7D9huzA:SK2mhAMJ/cPl+kIXRksYyjpjDbu8

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	turbo Buffering.exe
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	turbo Buffering.exe

Executes dropped EXE 1 IoCs

pid	Process
4420	turbo Buffering.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbo Buffering.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbo Buffering.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	turbo Buffering.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
1716	msedge.exe
1716	msedge.exe
3688	identity_helper.exe
3688	identity_helper.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 55 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4420	turbo Buffering.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 4420	2028	turbo Buffering.exe	87
PID 2028 wrote to memory of 4420	2028	turbo Buffering.exe	87
PID 2028 wrote to memory of 4420	2028	turbo Buffering.exe	87
PID 4420 wrote to memory of 1716	4420	turbo Buffering.exe	93
PID 4420 wrote to memory of 1716	4420	turbo Buffering.exe	93
PID 1716 wrote to memory of 1644	1716	msedge.exe	94
PID 1716 wrote to memory of 1644	1716	msedge.exe	94
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4416	1716	msedge.exe	95
PID 1716 wrote to memory of 4644	1716	msedge.exe	96
PID 1716 wrote to memory of 4644	1716	msedge.exe	96
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97
PID 1716 wrote to memory of 4132	1716	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\turbo Buffering.exe
"C:\Users\Admin\AppData\Local\Temp\turbo Buffering.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\turbo Buffering.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\turbo Buffering.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:1644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
      4⤵
      PID:4416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
      4⤵
      PID:4132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:4872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
      4⤵
      PID:3668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
      4⤵
      PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
      4⤵
      PID:2348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
      4⤵
      PID:2220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
      4⤵
      PID:4904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
      4⤵
      PID:5152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
      4⤵
      PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
      4⤵
      PID:5856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
      4⤵
      PID:5984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:5992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
      4⤵
      PID:5556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
      4⤵
      PID:5672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
      4⤵
      PID:5720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
      4⤵
      PID:5448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
      4⤵
      PID:780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
      4⤵
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
      4⤵
      PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:5212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
      4⤵
      PID:5884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
      4⤵
      PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
      4⤵
      PID:5908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
      4⤵
      PID:2360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
      4⤵
      PID:5524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
      4⤵
      PID:4312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
      4⤵
      PID:4360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
      4⤵
      PID:5132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
      4⤵
      PID:5668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
      4⤵
      PID:4584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
      4⤵
      PID:2784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
      4⤵
      PID:6632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
      4⤵
      PID:6720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
      4⤵
      PID:6364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
      4⤵
      PID:2220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
      4⤵
      PID:6996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
      4⤵
      PID:7008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
      4⤵
      PID:5456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
      4⤵
      PID:6876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
      4⤵
      PID:5772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
      4⤵
      PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8932 /prefetch:1
      4⤵
      PID:6608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
      4⤵
      PID:1908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
      4⤵
      PID:7132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
      4⤵
      PID:2196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
      4⤵
      PID:6792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1
      4⤵
      PID:4124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
      4⤵
      PID:6956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9380 /prefetch:1
      4⤵
      PID:6372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9672 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
      4⤵
      PID:6640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:1
      4⤵
      PID:4868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9528 /prefetch:1
      4⤵
      PID:7528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:1
      4⤵
      PID:7628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:1
      4⤵
      PID:7900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
      4⤵
      PID:7244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10068 /prefetch:1
      4⤵
      PID:6512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14226988189843897421,11146847123029098910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1
      4⤵
      PID:7632
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:1324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:5468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:5516
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:2228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:5372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:5404
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:6092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x94,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:4468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:2144
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:4104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:1744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:5264
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:5348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:5764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:5528
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:6504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:6532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:352
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:6224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:6948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:2376
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:3052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:7148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:1808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:680
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:5020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:5196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:6208
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:6680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:2044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:4124
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:7432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:7448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:2268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:7192
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\EmptyT.vbs"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://smartpcsoft.com/mytube/
    3⤵
    PID:7880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb67f646f8,0x7ffb67f64708,0x7ffb67f64718
      4⤵
      PID:6184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
59KB

MD5
67de6b354cc8f8fe2d15572c318fb1f0

SHA1
710a142cdb2968ca3384be73c5aa3356893aebdd

SHA256
dc187370c0f36a2d089e1f0fd5dd3efb76ddb29feef009daaf7fcd31df7fcee6

SHA512
161441ce72aba66bdb08ee2594ec13734a19e806b967148a940fbb35ca8061b972cfe5418f0b8dfe62111ddb28ecea58e3135d4f5f1ce97a555118f2dee6daf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
26KB

MD5
b51f9d778be466703e73aceee13d836d

SHA1
cc5cd9dd2b48712dcf90f14a1ff19d729c43e378

SHA256
f1e36d8f99614eef048fe3cb4275f3234536bff3e3b1b8f763f14a8a0cadab45

SHA512
381681bd3a3624e955b6db012fac9a27eb28d816a0fb1f2c460983506feddce13aa9d59df2cf6d0f0ad44eeaa3c5fbe2d72f638b47dfe92b16c7b568cd2bdbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
e02bb4d41ed045140fe9249ff57365ad

SHA1
37c07053b90db817755c57cbd1f1165f73c9d890

SHA256
df60db7c8aa0c918fec32a9f77bb54b2c8b2c9fe8b236c8584372104f5e33e00

SHA512
cab252ba70ee4ea3cbb50043362d2dc53975fae7b2c83d7dd9ce04534e263e6a1738291a3ac3c15597517c80f28f5cd40318208450e6e91a12d3f7a2288f23d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
51KB

MD5
c3c4281206eeed7a9502dc59c9ba7c80

SHA1
0e24f77d81fbbf820364d264dc25667abd5332aa

SHA256
1fa4714f4a1a2e7890d475ce2307a968e2410adbbfa0e15a0ad6b82cea0362ce

SHA512
f318a2219ee694534b0ad20b147e0facb51de03ef1bb8d45fe91762d0cb5c0233068aebc1dd9a4051694eed6a459bee6a5585bc487fcb27fea58e313a77598fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
143KB

MD5
d26c7b413599df8243f76c3083215632

SHA1
837944485693fd725a50decb141a3b3debfe2183

SHA256
785de67434da1e5fed05f46b49d100e7b20944fe91ac15d4645b5a76139ffb3f

SHA512
46a358de9d3f3008872b2c4a477f2a0adcd9844513ce79b31f0863a2ca936f5bf8d1dad733be1db36544b409ad1162e6ec58246436668a5c9e59a23e1077e5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
93KB

MD5
3cbce08aaffa4c9b44fd6c929e6455d9

SHA1
b76cc2653f095e09139bd2497ca0fd6e91c8af57

SHA256
9b83a72e09ad483c62a59745eb4a72164b9ac105f29d410bf8c8a795395c9d70

SHA512
f78a058040a82f68716cda34f5b4d7124487c5e4bc1008abedf1b195620f29b95d3741b0e3b66eb0d1c9dcae6f33bebc7606cc0363e88eed3e4b1d00849ae157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
95KB

MD5
1dea8fa8ac959d34c416e02ad8746f70

SHA1
2f9241a36c8f0e0574b7e9282bd35e339a0c87a9

SHA256
7e429021586ace9ddd09aea70ae3871f45c0cad68ce1d5e193a837df8eba4bc9

SHA512
e4ad4879416b98a9805ce7b02f66fdc3c07edbc7842fce83db07dd7730418cf80e287123304ce304a6802d7a84e81ac06b7c40d739c5e384789b367312daa9b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
63c58662612777fa382947b3f14f8ac4

SHA1
b0d7ff86472ff49a50a563c129dface063e0897d

SHA256
25ea4362789685ac932a8bb218c53f5db717f75db8230b0c568c5ec7e64eb3ca

SHA512
317834a97ef4ef7d6b14619213fea4fdefa57740176b068f3803d3d0dd6e58aecc6ed58bdff57ed725f2f8a68049de904cdfac40c7ea89480d1e62b07029adf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13281fe44087b7dc_0

Filesize
2KB

MD5
4f996ca0db6e58c7ca1f90cff9680638

SHA1
73afeea76feabd25ff0db04f6b47ab7456cfd426

SHA256
e73236c29f881af3519e8cd3fbd42af61ab88c6022551cf000cb44a075945576

SHA512
e4d46cb58900cc18030b3f8cea8623331a0e1852124c52d09f6a9804b41ff18780262b5d0780e6b69b3236b76d9fe2930f5846e2c53ba3b6649995ee77108de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\161a6cfe2dc6b6e8_0

Filesize
275B

MD5
afe1ec360a97f7f214441a3858b7198f

SHA1
2c7e527ced0e1005e445d9a9f763abc81fe57c1a

SHA256
84131491a7371569bc307cc624986fecb563924c382c08d1840c93924a43b4d6

SHA512
66a9a3b33e3bb45d85a851bff32a9724572761e46522a78616ba85d5d3cafa996c87092b2fd5e9029df4c2389d6a875962b820a9122d1d4e25a908feb546bba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f28ee7387ae19a0_0

Filesize
215KB

MD5
0611737858d4b6b93d572d773a4f7951

SHA1
3cf3a09f095b8d4241c302c1f29b315420c90974

SHA256
27e7a67836f9af23d29d687d9232c3e29c59361cf894d204e8b665e973ea21fc

SHA512
a9c99813d76c6160445978dae989ba5bdfc706fcaacf766503003e6b725663a425a57506e100bd55c9297da78d06c45ff9ecd0c6df724c274e2910fbabc42d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23bfff4560f03d73_0

Filesize
388KB

MD5
9cc11d38d0765fb0522fd648c128be58

SHA1
d614cfb025489b7be573c456f06091af67f4f40f

SHA256
a25ded9867af719469578365a3fbfbb9c05f1d0abd2b48e94f89f823ae32b8fb

SHA512
287dbc170fece144292ae7254a96346de5b1b6c2df3fe58836abc6324c1acd658c34717a6c1f9e33020486327f55002974b33c839a00703d3476916cfa384d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26cba010550b3175_0

Filesize
303B

MD5
db063369709e7569001a66276894e973

SHA1
69403289899da9f0c8fcc8a64af416cff80d9f32

SHA256
f9226af70503b31820ec24c973c42d3ab92a127ddb0c9cb0df4d017cda4ef26c

SHA512
39edbfd16f7d1309c07c269381751a994862328b949dff02324b5e48f398b429ab70617b99bdcb9135c82b330b831c15c37ee92e6cd545d1f75edf744903ca6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2be4b8f7b3309847_0

Filesize
54KB

MD5
0e15e4f454ca0c55ff1c0ad3d01d8871

SHA1
1151e7f2c93655edc0f8045f58637ee456165243

SHA256
a4f8c6fc1df52b31a3bbb163980780408b013a845e154cb73744b5cb72f8e6e9

SHA512
8137b1f85b2f4c3e5dbedb90dd0d7228371dccdf142af4b50e97f477dba493c166fe435f0f9be502d8d53714e6e9c2e27b9be5b3e282a4d4e7a0e4757627a625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c71e62a5469321d_0

Filesize
1KB

MD5
4ebf7b2f4d343ee2e1dee02af89a02aa

SHA1
f20d85c3247109762532e157df3292138e63f500

SHA256
5df86a22ac72945b6f2522155ba28e71192bdec47316acb33447a3ae352b0b2b

SHA512
033668df3205683ad173259a3dc49b35115d2db574f782e1d6ced772438e1bc68b38a944ca2adcf0825150947401f83221e19a9005717f1f64f26b6853cc30c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d8542f1d5d6b27e_0

Filesize
1KB

MD5
6362cff8accaa09e86308c107a10caaa

SHA1
89e735781ea8f83b7fb80529cb9a519016117dd5

SHA256
4b59f66b71254390bac65f3384677628881b4d1f9fa2114630d4979ac67da099

SHA512
5137fcda42d0729aa5fdf799766ea3e763ebd6e60389078e4e1ea1b6033e1a51fa230a263b5a382602d94c2d893b33607ec65873748ab238fa76dbceed4e2cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f53829ee70453e5_0

Filesize
3KB

MD5
455397becdd85ceeafb41fece753e7fb

SHA1
18d72c1f3e0e6f3ecc300392a3559b4a9db6317e

SHA256
69c1fedc52de83f6d0f8faa7476d0fa6f0ed6640566422f67ebed221f09488c0

SHA512
95cda179cdcdf18367b2c7772d3cd85f1304850630a996911a939949cd9b9527718e341ea1edcad8b8796cd3dc738cacc4180bccdaf266ea83fe41dd2aa5d813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35b1a6be708e5ec7_0

Filesize
39KB

MD5
2e6a9afd23a00ed5e3364a5662bb6a0a

SHA1
cbb8edf732316288ed0987f13cdbcbf22eb06292

SHA256
6348ee42afdef17daece7cbe8ef6e366562b23d669290f4bfd85dd5704a4c7d0

SHA512
a89c77a6227c8308297dfb3643d9851ed11a338b4850e276df0e4de570c813b31e1a0fe65a703f4a1bcffd69c356322aae7d0305f13c81c3669ebdaab132673b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f2eff7cea3a7f04_0

Filesize
240KB

MD5
69417b42f22fba501b8796ef0bbc0ba7

SHA1
2936c66dfb78db3f7b363ac8792876e7c0f79877

SHA256
04316b3da0e93249e136094a723f12f36ec05db2dad9b9c0cad70d7ebf21d2eb

SHA512
b5a79e56ad9a7677e4ded74ad7317bedba1298923345e26a9f7396f265004309f821cd5826a8609d5e1656ad3fcefae6aa4c7b214f9c60d635a73305e0b1880f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49af014f4240057d_0

Filesize
1KB

MD5
099fc1d15210cc2e31b7d751558d748d

SHA1
fdb296162a19708ce8f814e6c82c17f8d1888246

SHA256
0239b0ac22f5e44b7501c484491de22b0df73a4e710765d51d74c0effeb5a453

SHA512
72318e04cc2770b98505a43722442153718399265bb3ac66ab6d3fda8f85e82e86ec65bc6eb34306814d72a09c2bd62153b75d17432fb6ba0a39a5d3956e2856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6650f12c15f1c3f1_0

Filesize
479KB

MD5
77fd9a058ed59cc368ecb9dbdfbcdfae

SHA1
06f5cdf8832ee497a00aac0e16fbad743198aa36

SHA256
d153bc41ec63f97f6539d2240fcc11e1f0b1fec680c05244a387e68e128c0269

SHA512
3c4278477f70e8ff96ed48d9fc0c98e20f92b21ad4132ac5960196796d9464a56ffc781d4cd90f0fe793ef11e66f352c41abd792870aaeaf6c2f4f526205948c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68d686b8b731003c_0

Filesize
6KB

MD5
f579480a190299eabc9fb759249b4e74

SHA1
f0cd036ba3cc7e2ae05a7459fce60f96f3191938

SHA256
a6ca5e74aa50a2461413b85fb563bda3e6ff55cb55d9c4d8c492f89d8e536345

SHA512
3e40623fe22794c7da39b33d33fd82eae1d60a7de81d1c120f97b45c79cf7b326669576334adddd58b136c74f03603be21c8098a07cac91705faddf1e795b86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d009a00df5567e_0

Filesize
386B

MD5
7851633bf97907608481c83105154364

SHA1
4c1398d9d44efac67835ec9b69233dce2ef94447

SHA256
0a6f544677ecdfafb8a47e0050ee392b8c48e7fe5f610380d39f19e367f83e6a

SHA512
21cb5c039c885ff6eadcd8ae1440f34ff42b015fe3ca07b8bd5333f91dcb60ca38c032d0ab42fe67e66e96afe4dd9411d3d3f39cdaca18d47c4d3df16f60ccfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78c789642ec84bd5_0

Filesize
1KB

MD5
fdda074b7f315c524cb601ae8244ab3d

SHA1
d5665f1f996810ebe7663863cc71725fd8c834a3

SHA256
1a1c3782043aa94a8d584f0a3d764c86c53e28b59db5c2a32f6fb95265398531

SHA512
2bfe46273bfe4a7e72c3aad4b4ea24a845e7572d7b70fbf7dcc2a8987e8a7285e0303fb9abf992856d901c8a62f52a9571cf2b3fb40b25d7d8cb5f9b2fca213e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87af6c47f6714cb7_0

Filesize
23KB

MD5
dc66ee8639e1c731e4fe04b8b8fbdb73

SHA1
41eece0a4bc99f92d6fdd604fa07aaf6abc9a962

SHA256
98490519818acac96e86a228203ef289b50e756b0459ce0793f92cbc85876a83

SHA512
8bdb04797f0d6bb1e38be0c4f5a227af89be0534dff2ffd27ad79242e26ab3038ccac358f3cbf4a90ef3d1f1c6a02845f22ead2f3b0eac20a1a7600dd6588ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8fbad98a38c21fe7_0

Filesize
9KB

MD5
41f6ba2a2ad5c7972a2b10b10bf51fc7

SHA1
2ac422514026100a0f56b963df4462566d56ec1e

SHA256
d3cb2e157409842c63b6971b3191ad90cd8a1d94e38d99ff489c360df9675f3c

SHA512
dc28ed5145506f94eef6a6a2cc8d2790ee1c1744f7086a117f47540ee7d2127415edde48e8860472996f949f9c75ed4067e3575e86da4cb8c1f740e848452027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\933a7b61e140d055_0

Filesize
299B

MD5
81e693d9b0a0b9345f3aedb2c02a2634

SHA1
9edb74776be84b8238d55465c02d038d1be64640

SHA256
d3cfcd8801a24f210a197830432fb685cd2bf138839836e0d5f791286a9d9877

SHA512
4eaaf9a4811c5a32d7500e7c614e1b910c64ad50bb0a8855ff66f871a5d0c851156f4652e656018365b2f5937f505eeb0d89167cc1ceb8af139cba0bc6644779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6c3309b1d7fa51c_0

Filesize
278B

MD5
475cc1060f7d9fbff748397d5a73e462

SHA1
05e0a85af15e3658e0d9a2b67bd7ea30f96e3f81

SHA256
f11bc75373b167d20a4257080946dadf2f0828208488978ada18d59782accb1f

SHA512
a31a513d7f1db379a3baed377b5a523242ff9ab7c1ea41860354f006983920c347d5bfda13ff396c246f8ad5f08c0ca046435d8596b3106b5909e4350d1a694c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1966ed542da30af_0

Filesize
88KB

MD5
f5d1d7aa59e0e33527de42b206a865b5

SHA1
61df209665bcb909f37285082e6bb81458ff8d03

SHA256
d8e52be1a12ef6eb6e58cd0121fa730f49718c08b386d7543a396a0f255c5c4a

SHA512
04eacab598c128afe0c3382e8b5622c43c52d3f405566e4b3c6475b6fd5c1bcff0e42913b95834a76992f7e22e4281c3adb0fef30aa3a8f93d17e1945a177a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca8f6a4fa05fc600_0

Filesize
76KB

MD5
f0a6810924fd12f25ff50c1a8f3c7ba9

SHA1
01270e7f26c271ae8ee7634adee952d6c6fe60c8

SHA256
2f55ac8eff60b9529ef04801b9737b17189bd1e020b049434b1fd3c13c5acf7a

SHA512
1a261999c9cc662f0da956a2ab9160c5af225d41b084c15f51eeefc0047c6b6ebed701439b53358d63bb163d2d23416c3cb19c5821b48ffb8d048356612b043c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e0b898375526494a_0

Filesize
255B

MD5
3bf67c9a3aa0fedefe0210ae10350070

SHA1
6c5c562c5692a6f18f46c66e69a9c3e412a02da8

SHA256
f59b32cb61cc4984ceb60db4def4c4d74d619cd0ee8e758ee79d27ac0e5d56bf

SHA512
c15ac9e68ebef00dc90d231560952fe4961081f8864055221f2b7fd1b312acdb434eb9e3987958e6128084c6c514ce8725d136b4183538f06e4c74451743ad54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef43bc0a03b4c1da_0

Filesize
2KB

MD5
82112d2a9c2b78d83d4ae56ed2c8d3b7

SHA1
7e383a8a616924aecb815d00eb4782df70ef9dd3

SHA256
9eeca3e8664692ab3bd017da2859aedd1a269eb80bf31e72f43935cd7bd66d22

SHA512
488dc8ef1450b48cebd71c6bc10221548ae85dfc8ca4f5319e730b1de9dca1d89124242a24f6374913c22652963837c97a56dee221bdd4ad21d50ac70c0a385b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7729cd814c25ac0_0

Filesize
10KB

MD5
816d2f54f2848cd0b556cc04eac6c187

SHA1
7fdfd6d3d849b77d65b5e8ffe43dc5146b441262

SHA256
9e3bc93967a291dffc73075ee7657c0db0ad84e96b5739c71db324a7885543e0

SHA512
c4478d8849bb9494c8f5cde535d39042c7a9f569b69141aa33ed079b17e059cebf9ae142a8a2c3b3aab83167b6d0aa7cfa478451344de2489cd28753854cefc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
765843634ac9c51af61eb60aeab75aa8

SHA1
c98f3e6e96e0561f574288d5c7240e52d419379e

SHA256
06ca616693c419b011419995bf092c331e8ecec32d63329803a0c6509814e60c

SHA512
0b58c5775cc528fe2020187146d34a05b5c8300d18b03c17769e71a8df230469dfec7c1263bc3369c25d745a704c697c36151dff6d9084a0f45ba638b62a489b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
92b61559b87ce676f29a5153c5e7326a

SHA1
39b3be46db16d427dbee0e6b2f40f842c3e9f7cb

SHA256
3c6a90567c1de139b10a57da6770d1d9eb059f7db8d306d3753e097d155fe440

SHA512
8a4acb3a1e577ae1d27b3a159b0feae1545ee48429a263542999dd2f6794540126b5e503e9422b25e4ddad54b8f4721fd961ec06db205369e7dcdbd5045d8d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5aff2247c3b43c39754891f8a55e5fc8

SHA1
71c60f41ff0e4475aba4257d64eef788149262ea

SHA256
c603f256a09afb3da6d2a33b91cd2ccf4630070401b68001e7fdb95f35e77835

SHA512
a3c9ede1fdbf2f18864729ca9c53ea5c4c110d23b90abe1700c887f7f4b7eee4b06d249aec45d1a88a2bb56bc86896194b068089e2d3ecdb0ef5b9240ff26eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06ffb00242f81ab7ffcc8f8b38095dca

SHA1
f12f742034eca3817a555cdeff477e39f410654a

SHA256
6533fa8fc502bde546f84f4bf6b8723e0c8375e4501782b011f0a47dc12ee8d7

SHA512
d84ff5734cafba02511aaefe5ceb424f3b7e5d8d177b22bb1c5f3ce96555436072449a6590ccbda3e2636e458e3a911a80575980771f6b5f6f7f9edfc3253b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45667008aca0d5e1c3dc5973d44c2613

SHA1
d30f5411d7db4204cd74d86041319ad18293ba13

SHA256
268ff8c87fd9f9530549606cd6e5a0e994ce6ce7ceaa1a02755bf9e23c81a1c6

SHA512
cf5ab477447c50fed6659d7ed032f414d1a2cb63a8547e68b2e5468e61913027be271dcfea1f987ba03fa62ecfa9ad7072851c9c0ef58d19912484602f4e7ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd36432b8eb2d20aa9ca03cbc9033c4b

SHA1
07d4dcea59c409bffe995ef58f8c5039de90558a

SHA256
e4f88f904716b5beed2a7f2888ce0221181f942af70e846b1b8fe9eac4f78b43

SHA512
a42874e38a4bb016c9a337f8339213c0ed73d430c6574d698ec587d64ead7e9d715b838d242d4a0e9bb2edb314a6ed2993f62640bc7b51f6242368068066fccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b34902da9372bc3f099af5cb47c12e6

SHA1
414d5860637a16a619b9f486f6eb87e9a383139f

SHA256
bfaa75153b79b003e02696c7128f54b36c34a1ced4f8b05c96b84aa1ea0bfd5f

SHA512
ae9b62a7b76a91bf94d4d37a372adc6d617a5813e914a093ce732c9b81c9f36241c9101f50a83882727b5868a19b56dde1c796bfb855043597fa47179052f20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
068b5de18cb211ea59a6b45408580a7f

SHA1
d2631f001eff40e59466feef1a78caa12eb41918

SHA256
6aaf8baef14c657ad6c3a92bc6335143a7b904c1bb17889dc541184031d5c100

SHA512
498c8e18092b3a2657a67b4c2195128f2c642bc65d195d8dbbc8b49006b80a6b5eb3a12a7a82ae60094c3aca8213c1f2f82a3f961cfda5af67a0f01043c13312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74b1dd8adbe75b9d88c6b28911cf746f

SHA1
7b02788a4289f486f6dee50d17cd84d516676ec6

SHA256
7d37a372aeadd6057752a96eb93ce86f0a43ef4fc3027dc4a360c1439622c6e2

SHA512
2174ddc843c8106e705bd0f490ff79bb516a718fcacee0aa4e77f377ca9ca2102282b982b83bf05536d29738da2226b63408df89b4ea749b3666234d1b8d278e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
720a572e96005b5a99f4734bc115d806

SHA1
aba9f4224f6d8c5d67aa970f00262e7a1351f24c

SHA256
7fdf7a354dd58e692cc04d81154cde1bbbb25887e48cc98843bfd46c166ea4bf

SHA512
2a4ee4ad5dbd69f469eeb8a3bbdf7c1e6e759cc8869ac0580bbe2dfac5b5895913666633f29eb3edbb9110f03dea5c1b2eeef341250fc3f3d53634cc4c4e8a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b85cf2bedf9ce526fc8d9cba0d8e6240

SHA1
680178d3529094555294570dc2347e153ed2c929

SHA256
266b6afc5247d3935a935ba445eaad77e2f5e0c3a5f2d22b1b51a76aec92bccf

SHA512
2fec4e6ab3a3785bdb213e7389e42cee98fc882f96390b497d86097209e577b289e05d9a03eb53ddc9edec668824b2eb7f8ce321c538cbdf9d249e8d69482207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d480a0659c0970e8df2ec89c8f8d701

SHA1
2fae3d9c66e0773230029dade2e0085e07b8c315

SHA256
00a081b3bb96fd0a096061394bc8da4d755393bae9e81bd66800f876d5fccd51

SHA512
fb4200263ea68de4817a7c8f3bd8570cb7f2e08dfeca237da2b1504151b1bb7feb25bae944063d294e0ba2ad281a8ff61009c5761ccd3fc48a34257160f02723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
735bebde28bda4c2fc5f799b156e3a89

SHA1
78d1307033c03061e6640a7619889c25ff19a6f7

SHA256
0d7c7d0c7955e4c941448df794304548d2b0ad794319b5de51e4d5993ed0d663

SHA512
28d63fb285e748e0e6501b72dce700c65f05fa0725a6aae2fd92598a764da4e3f63ec7990b2e8798ebbd091b42208139269c90000cf15c09cdbcfcccb9b7296c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f913b8d14d98abee260684379711fb5f

SHA1
f555b7602f31f8c396d975974b10f41f59131b2b

SHA256
4b999a516994119bfc153c8dd86aba4a86a891b476f6bd0b537cc1f5955fb5b0

SHA512
6b1ef2caca9dc584669937f02e42890e40ead519538236978366bb4d15a56dc830907d9553a63ce7c7a23c0125d3ef61d139303804b44711587842df59ddec5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2df20ddcbb653f514f07bf9e0bfcaea5

SHA1
307d95d43ab28bbe907cb3cb4c004d3d48e05831

SHA256
98d440384cf9edab3366508b445af9a1385b6cefac08123c0e4c0997b63b3f0e

SHA512
94d9bc703f6005d7987d7873d262c6eb6c3ddb1663a0c1d3a7ff330daeea6c07bdf8bf08b25055eb430b51e8737fdab804343213066442a6f196aaca84292e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.ses

Filesize
53B

MD5
ff9a40f1059593fd358ad2f478717a8a

SHA1
339813fd36e76bb3b15be293103da10996f63a6f

SHA256
ea6c3963bebb833661ff865068247987ff661b3d4d87dd3a68a99474e4a8cd4b

SHA512
d3ceec25ca3340f8b5014dd4359d16fcf7b99f78ca9c8d76aef649765fd42736b9ca86454a020d1eb8decd23a466637b3775e9dc3bc3b0320361044ccc6d0787

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\AxInterop.ShockwaveFlashObjects.dll

Filesize
28KB

MD5
a4a164927d65a1c714d84067354c2a3c

SHA1
c4b6fc4a952d992076b21db78feb53897e0e2afe

SHA256
10e9abeb968542ef88454a5e701da00ddd2813ac037ce3d132c0e359a79afff3

SHA512
40dc7646e2e5af381632ac2b88a850973bd7d82470325767f83d0434bea5099352fa0439ce6a520aeb51876a5ad2c9bd889e80b0a404174fe2eb6a89e99f37fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Interop.ShockwaveFlashObjects.dll

Filesize
32KB

MD5
0ac25dae6c751485eec4422a59b35e70

SHA1
4f36046d40921444f182c2a77287bb480fbf6727

SHA256
412582b87e6ef9d7a1327b8db94819e319a908c06ffa43cdda4137b75141e65d

SHA512
225ce792355b1d789c8917baecc5c4da71f068e3a7541fe533e1354372d841adfa47a1a99aed6b66798f53481c7c9f5e40dda7c6f77034f7d77eee7e19ae6398

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\turbo Buffering.exe

Filesize
211KB

MD5
f189d5ca0948fae50f6d843702e8cb34

SHA1
5123bc69d28f3dad14620599a27e8d7772b83e86

SHA256
fdc0b749f2985003c51994d430b333b943dd94f06b8f78504da8243917d8861e

SHA512
5a9a35b7eea174e710cd369ae4f7bdcee4173e8111b8c8d9ca3d43d48e4d92d28f09f788855d61e8418e85368e3ebbd0f1c22ce6d5a36685699b2df23bf7547c

Download Submit
C:\Users\Admin\Desktop\EmptyT.vbs

Filesize
2KB

MD5
864b90dd42ef685b83fac8d7bda8f8b0

SHA1
f27cc31bf178d948559c9589a8968fe5d3553a95

SHA256
50cea9261bb617f04b3b2152196d2a5710bc72fede5e37efd9c153e1d4861ccb

SHA512
cf19c4909ff67d49e0d09bdaf52bbafa7fd2a9c4aa8a1919bafbc6d021c8bfcfba260a900ce9762b65984d330cec44aae71578d86f62d2f2d9aaa19f7ac07221

Download Submit
memory/4420-20-0x0000000072B00000-0x00000000730B1000-memory.dmp

Filesize
5.7MB

Download
memory/4420-17-0x0000000072B00000-0x00000000730B1000-memory.dmp

Filesize
5.7MB

Download
memory/4420-33-0x0000000072B02000-0x0000000072B03000-memory.dmp

Filesize
4KB

Download
memory/4420-34-0x0000000072B00000-0x00000000730B1000-memory.dmp

Filesize
5.7MB

Download
memory/4420-47-0x0000000072B00000-0x00000000730B1000-memory.dmp

Filesize
5.7MB

Download
memory/4420-19-0x0000000072B00000-0x00000000730B1000-memory.dmp

Filesize
5.7MB

Download
memory/4420-16-0x0000000072B02000-0x0000000072B03000-memory.dmp

Filesize
4KB

Download
memory/4420-18-0x0000000072B00000-0x00000000730B1000-memory.dmp

Filesize
5.7MB

Download