ardamax | aa5973ce67d0dd6c3c49557f8e52fa19180b62596fb9fe63412a5216664e707b

Analysis

max time kernel
146s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
Size

1.1MB
MD5

5b8a2c098dc66acd836ecd4763104a4a
SHA1

7aa8d08baf7f1cc4ea1d9aee585dce03fd7f11ee
SHA256

aa5973ce67d0dd6c3c49557f8e52fa19180b62596fb9fe63412a5216664e707b
SHA512

75328db9ea4b4199bb9b13c68b64d23a2c62de314cca68e1d09cdf801ec358f37b19d477437eb4e432997166b303c5a2ed58f008dd247112359612af6389625f
SSDEEP

24576:B4VrnoeX6lXVG3bM2BMZLXffn2dcwXuZEJZY1WOwQkQtQnfBHaXj4kpt:SFoa6lkLMuaXffrKJ2UOyQMBHg4kpt

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax

Ardamax main executable 1 IoCs

resource	yara_rule
behavioral2/files/0x000a000000023b9c-38.dat	family_ardamax

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	Install.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	Install.exe

Executes dropped EXE 7 IoCs

pid	Process
1972	123.EXE
4716	akl_setup.exe
928	Install.exe
1652	KYAI.exe
3592	Install.exe
4852	KYAI.exe
7760	HTV.exe

Loads dropped DLL 6 IoCs

pid	Process
928	Install.exe
3592	Install.exe
4716	akl_setup.exe
7760	HTV.exe
4716	akl_setup.exe
4716	akl_setup.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	123.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\KYAI Agent = "C:\\Windows\\SysWOW64\\28463\\KYAI.exe"	KYAI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HTV Agent = "C:\\Program Files (x86)\\HTV\\HTV.exe"	HTV.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 16 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\28463\KYAI.001	Install.exe
File opened for modification	C:\Windows\SysWOW64\28463\AKV.exe	Install.exe
File opened for modification	C:\Windows\SysWOW64\28463\KYAI.chm	Install.exe
File opened for modification	C:\Windows\SysWOW64\28463\KYAI.003	Install.exe
File opened for modification	C:\Windows\SysWOW64\28463\KYAI.006	Install.exe
File created	C:\Windows\SysWOW64\28463\KYAI.exe	Install.exe
File created	C:\Windows\SysWOW64\28463\KYAI.006	Install.exe
File created	C:\Windows\SysWOW64\28463\KYAI.chm	Install.exe
File created	C:\Windows\SysWOW64\28463\KYAI.004	Install.exe
File created	C:\Windows\SysWOW64\28463\KYAI.003	Install.exe
File opened for modification	C:\Windows\SysWOW64\28463\KYAI.001	Install.exe
File opened for modification	C:\Windows\SysWOW64\28463\KYAI.004	Install.exe
File created	C:\Windows\SysWOW64\28463\KYAI.007	Install.exe
File created	C:\Windows\SysWOW64\28463\KYAI.exe	Install.exe
File created	C:\Windows\SysWOW64\28463\AKV.exe	Install.exe
File opened for modification	C:\Windows\SysWOW64\28463\KYAI.007	Install.exe

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\HTV\HTV.exe	akl_setup.exe
File created	C:\Program Files (x86)\HTV\HTV.007	akl_setup.exe
File created	C:\Program Files (x86)\HTV\HTV.003	akl_setup.exe
File created	C:\Program Files (x86)\HTV\AKV.exe	akl_setup.exe
File created	C:\Program Files (x86)\HTV\qs.html	akl_setup.exe
File created	C:\Program Files (x86)\HTV\Uninstall.exe	akl_setup.exe
File created	C:\Program Files (x86)\HTV\HTV.006	akl_setup.exe
File created	C:\Program Files (x86)\HTV\HTV.004	akl_setup.exe
File created	C:\Program Files (x86)\HTV\tray.gif	akl_setup.exe
File created	C:\Program Files (x86)\HTV\menu.gif	akl_setup.exe
File created	C:\Program Files (x86)\HTV\HTV.chm	akl_setup.exe
File created	C:\Program Files (x86)\HTV\HTV.001	HTV.exe
File opened for modification	C:\Program Files (x86)\HTV	HTV.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\123.EXE	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
File created	C:\Windows\akl_setup.exe	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
File opened for modification	C:\Windows\akl_setup.exe	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
File created	C:\Windows\__tmp_rar_sfx_access_check_240610890	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
File created	C:\Windows\setup.bat	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
File opened for modification	C:\Windows\setup.bat	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
File created	C:\Windows\123.EXE	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KYAI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	akl_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	123.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KYAI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HTV.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral2/files/0x000a000000023b8d-13.dat	nsis_installer_1

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
2568	msedge.exe
2568	msedge.exe
2308	msedge.exe
2308	msedge.exe
3284	msedge.exe
3284	msedge.exe
10604	identity_helper.exe
10604	identity_helper.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe
5972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	7760	HTV.exe
Token: SeIncBasePriorityPrivilege	7760	HTV.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
7760	HTV.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
7760	HTV.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
7760	HTV.exe
7760	HTV.exe
7760	HTV.exe
7760	HTV.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 1168	756	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe	84
PID 756 wrote to memory of 1168	756	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe	84
PID 756 wrote to memory of 1168	756	5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe	84
PID 1168 wrote to memory of 1972	1168	cmd.exe	87
PID 1168 wrote to memory of 1972	1168	cmd.exe	87
PID 1168 wrote to memory of 1972	1168	cmd.exe	87
PID 1168 wrote to memory of 4716	1168	cmd.exe	88
PID 1168 wrote to memory of 4716	1168	cmd.exe	88
PID 1168 wrote to memory of 4716	1168	cmd.exe	88
PID 1972 wrote to memory of 928	1972	123.EXE	89
PID 1972 wrote to memory of 928	1972	123.EXE	89
PID 1972 wrote to memory of 928	1972	123.EXE	89
PID 928 wrote to memory of 1652	928	Install.exe	90
PID 928 wrote to memory of 1652	928	Install.exe	90
PID 928 wrote to memory of 1652	928	Install.exe	90
PID 1972 wrote to memory of 3592	1972	123.EXE	91
PID 1972 wrote to memory of 3592	1972	123.EXE	91
PID 1972 wrote to memory of 3592	1972	123.EXE	91
PID 3592 wrote to memory of 4852	3592	Install.exe	92
PID 3592 wrote to memory of 4852	3592	Install.exe	92
PID 3592 wrote to memory of 4852	3592	Install.exe	92
PID 1168 wrote to memory of 2568	1168	cmd.exe	93
PID 1168 wrote to memory of 2568	1168	cmd.exe	93
PID 2568 wrote to memory of 4532	2568	msedge.exe	96
PID 2568 wrote to memory of 4532	2568	msedge.exe	96
PID 1168 wrote to memory of 3324	1168	cmd.exe	97
PID 1168 wrote to memory of 3324	1168	cmd.exe	97
PID 3324 wrote to memory of 2392	3324	msedge.exe	98
PID 3324 wrote to memory of 2392	3324	msedge.exe	98
PID 1168 wrote to memory of 4244	1168	cmd.exe	99
PID 1168 wrote to memory of 4244	1168	cmd.exe	99
PID 4244 wrote to memory of 1292	4244	msedge.exe	100
PID 4244 wrote to memory of 1292	4244	msedge.exe	100
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101
PID 2568 wrote to memory of 1696	2568	msedge.exe	101

C:\Users\Admin\AppData\Local\Temp\5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5b8a2c098dc66acd836ecd4763104a4a_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\setup.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1168
- - C:\Windows\123.EXE
    123.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:928
    - - C:\Windows\SysWOW64\28463\KYAI.exe
        
        "C:\Windows\system32\28463\KYAI.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3592
    - - C:\Windows\SysWOW64\28463\KYAI.exe
        
        "C:\Windows\system32\28463\KYAI.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4852
- - C:\Windows\akl_setup.exe
    akl_setup.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:4716
  - - C:\Program Files (x86)\HTV\HTV.exe
      "C:\Program Files (x86)\HTV\HTV.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:7760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\HTV\qs.html
      4⤵
      PID:5840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
        5⤵
        
        PID:5880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,616225,6421,6470,6470,6631,7010,7138,6425,7214,442633,106959,160045
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:4532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:1696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
      4⤵
      PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
      4⤵
      PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
      4⤵
      PID:4176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
      4⤵
      PID:4664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
      4⤵
      PID:1536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
      4⤵
      PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
      4⤵
      PID:5420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
      4⤵
      PID:5576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
      4⤵
      PID:5780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
      4⤵
      PID:5960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
      4⤵
      PID:4992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
      4⤵
      PID:5440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
      4⤵
      PID:5808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
      4⤵
      PID:6152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
      4⤵
      PID:6316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
      4⤵
      PID:6396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
      4⤵
      PID:6568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
      4⤵
      PID:6700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
      4⤵
      PID:6876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
      4⤵
      PID:7008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
      4⤵
      PID:7156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
      4⤵
      PID:6712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
      4⤵
      PID:7208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
      4⤵
      PID:7416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
      4⤵
      PID:7520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
      4⤵
      PID:7668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
      4⤵
      PID:7884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
      4⤵
      PID:7984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
      4⤵
      PID:8116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
      4⤵
      PID:7516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1
      4⤵
      PID:8128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9744 /prefetch:1
      4⤵
      PID:8256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
      4⤵
      PID:8328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
      4⤵
      PID:8416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10144 /prefetch:1
      4⤵
      PID:8500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10280 /prefetch:1
      4⤵
      PID:8508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10488 /prefetch:1
      4⤵
      PID:8644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
      4⤵
      PID:8720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
      4⤵
      PID:8804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10884 /prefetch:1
      4⤵
      PID:8884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:1
      4⤵
      PID:8960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
      4⤵
      PID:9104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
      4⤵
      PID:9176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1
      4⤵
      PID:4196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11496 /prefetch:1
      4⤵
      PID:1844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11688 /prefetch:1
      4⤵
      PID:2800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
      4⤵
      PID:4132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11952 /prefetch:1
      4⤵
      PID:9252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
      4⤵
      PID:9324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
      4⤵
      PID:9336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
      4⤵
      PID:9364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
      4⤵
      PID:9532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12852 /prefetch:1
      4⤵
      PID:9688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13044 /prefetch:1
      4⤵
      PID:9792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
      4⤵
      PID:9876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13204 /prefetch:1
      4⤵
      PID:9976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1
      4⤵
      PID:10056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13488 /prefetch:1
      4⤵
      PID:10132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13640 /prefetch:1
      4⤵
      PID:10216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
      4⤵
      PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
      4⤵
      PID:5624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13944 /prefetch:1
      4⤵
      PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
      4⤵
      PID:10320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:10604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
      4⤵
      PID:7988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,544224171906615496,4877190312643932020,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9164 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,640080,6421,6470,6470,6631,7010,7138,6425,7214,442633,107210,160045
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:2392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,8484137894041009604,4562536035803543485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
      4⤵
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,8484137894041009604,4562536035803543485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,631904,6421,6470,6470,6631,7010,7138,6425,7214,442633,109788,160045
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:1292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,4399285817189266237,15228507894375260480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,303732,6421,6570,6530,6631,6698,6440,6425,7156,442633,51247,160127
    3⤵
    PID:2516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,448941,6421,6520,6480,6631,6698,6440,6425,7156,442633,75562,160127
    3⤵
    PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,410660,6421,6470,6470,6631,6698,6440,6425,7156,442633,70361,160127
    3⤵
    PID:5444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:5456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,625686,6421,6470,6470,6631,7188,7350,6425,6812,442633,108629,160168
    3⤵
    PID:5672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:5684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,631904,6421,6470,6470,6631,7188,7350,6425,6812,442633,109788,160168
    3⤵
    PID:5888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:5900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,659746,6421,13680,6940,6631,6500,6610,6425,6972,442633,114893,160233
    3⤵
    PID:6048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,112927,6421,6930,6580,6631,6500,6610,6425,6972,442633,21634,160233
    3⤵
    PID:6104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,303732,6421,6570,6530,6631,6500,6610,6425,6972,442633,51247,160233
    3⤵
    PID:5340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,410660,6421,6470,6470,6631,6850,6882,6425,6882,442633,70361,160267
    3⤵
    PID:3556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,616225,6421,6470,6470,6631,6850,6882,6425,6882,442633,106959,160267
    3⤵
    PID:6176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,625686,6421,6470,6470,6631,6850,6882,6425,6882,442633,108629,160267
    3⤵
    PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,616225,6421,6470,6470,6631,7010,7138,6425,7214,442633,106959,160045
    3⤵
    PID:6420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,640080,6421,6470,6470,6631,7010,7138,6425,7214,442633,107210,160045
    3⤵
    PID:6544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,631904,6421,6470,6470,6631,7010,7138,6425,7214,442633,109788,160045
    3⤵
    PID:6784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,303732,6421,6570,6530,6631,6698,6440,6425,7156,442633,51247,160127
    3⤵
    PID:6848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,448941,6421,6520,6480,6631,6698,6440,6425,7156,442633,75562,160127
    3⤵
    PID:7028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,410660,6421,6470,6470,6631,6698,6440,6425,7156,442633,70361,160127
    3⤵
    PID:6128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:6360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,625686,6421,6470,6470,6631,7188,7350,6425,6812,442633,108629,160168
    3⤵
    PID:6716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,631904,6421,6470,6470,6631,7188,7350,6425,6812,442633,109788,160168
    3⤵
    PID:7232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,659746,6421,13680,6940,6631,6500,6610,6425,6972,442633,114893,160233
    3⤵
    PID:7348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,112927,6421,6930,6580,6631,6500,6610,6425,6972,442633,21634,160233
    3⤵
    PID:7532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,303732,6421,6570,6530,6631,6500,6610,6425,6972,442633,51247,160233
    3⤵
    PID:7680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6470,442319,410660,6421,6470,6470,6631,6850,6882,6425,6882,442633,70361,160267
    3⤵
    PID:7896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6520,442319,616225,6421,6470,6470,6631,6850,6882,6425,6882,442633,106959,160267
    3⤵
    PID:8160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:7228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secure.bidvertiser.com/performance/bdv_rd.dbm?enparms2=6570,442319,625686,6421,6470,6470,6631,6850,6882,6425,6882,442633,108629,160267
    3⤵
    PID:7536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92be546f8,0x7ff92be54708,0x7ff92be54718
      4⤵
      PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
190B

MD5
8b4a4e4d50aff73dc91699224ddda70a

SHA1
cb123ef670220f1ab1dadb32ffd9a69ff43d35e2

SHA256
b1891c7664daab5e8b3168dbeff33742e15d1d6a8857325fe74fc0727b6315b3

SHA512
ce19867eb9c52e6142e6c976169f6a8a18ceb55cdaaa9099e74ee69e5fce95a67bd93719212a03cd648abfe1e6acdb86cff3fed8fae7f29c11d9b8a3c014fd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f70588ff8a993481a5a1c353d1898150

SHA1
10cc459c92dab2f0049bec886d74138531b6e642

SHA256
fce6042d4166828f7ab968a772dba33edc7b386d0da7db5b0083587a8ded792f

SHA512
7d6b681352e93db5303755bfefaaaed5008cdf9188ef40f463e1555a0e6a7aa790ba7e66638d9cf60a662d441d2f23014b01bda5c9f4473fd5415f261051a153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9c7611e671d35fdf2990948f604d7db

SHA1
7cd75c28be67857fae007a5022cb7836c863b1bb

SHA256
d8ebb3d3111232b93ca2ed645cee0e79c98837d4b85cdf987c936f6c924a939e

SHA512
c990fab714ba93db0f80165a70919b4e0324f0e72e9dc5bd66be250d609440a77b3762513b4a83afaba0a528628517d77e6bd9f16936a1cc63dd13b8874c72e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28b35fcce30fca141b3afadeb6925603

SHA1
113b3b54dee60fbdc043dfb0e8fb3f119877e94c

SHA256
5f5d2b48ad86d7001193e12ea1e9b8288422076ce9eaa0b364c037b1289aa85e

SHA512
f9f38b69e8557bbd7646a2706a4925fac2992724485d2a73cb7da391d0bb07b1b72f8ef4fa3f1ca791fbc897efa3d412745837c0fd344cf8d094868ca3664c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c33b6eee6bd6732b3a835d0cc0bee1d6

SHA1
eb68aa021595e3f88ef10c075d7f4dbdae51e691

SHA256
7de82520df251198a4c0a398fe347387698e67b7fb8d998292c14689e8a3f4e8

SHA512
88223c17c277ab1d73efc1b7fd8a8d8ccd5f3318bffe9bfa3f2e87335f82f59e13e593401bf5ec2a9c63088fa5bbfe9fd9c04eab876f05f996d094bd2bfa4338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
698b81374095ecc1b83946c525bed6e3

SHA1
24ac89dc3691a4d8797ea08adc56a579ebc30cd2

SHA256
ec1196449dc4842a86569c37c87547cb7935d401b2620f0ec908b271b473873c

SHA512
d0c0e785df0eb002ccc9777136b3e682bf85e3178d6dd6b9e54e902f9e33b21132fef2821cb1a5627a18b9768e90134721512f4df7d691f7b243e131b052cf85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5cc03a761c1caf3ae3b851b15cd00059

SHA1
9d6ae7f5586ae76f0716c209d8c149083b057969

SHA256
04ddf8d7e785ead7c4f438bbd2ecf701ed41b444d827e11469a36caf19463b3e

SHA512
ef49b9ccc77f0e5cc7554e720f13f87399016b2077abca97aada10642f0f8c1f2581365dcbaa57e47adfa40d61d10cfa9664127106f9a4043733be4e68732d53

Download Submit
C:\Users\Admin\AppData\Local\Temp\@703E.tmp

Filesize
4KB

MD5
27092ec75c1839f36bfe900a38acc484

SHA1
fe14b750a0ed653246c5f358891f8c1241913bb2

SHA256
e6e29699840ae26c452227f9a1c9fd0e3cda0c2413c4255df9fc066c47af0e07

SHA512
815477e8681e38dd3110171adbaf06738eb9d63839671a959a296ec1a1fb17d788682dde5e6a1f0bffa3b4deda4577292ffa37ce10b95ad14276ffcd0795ac0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install.exe

Filesize
516KB

MD5
e7b58e543a3fff0ef8e3bdf7cd7b66fa

SHA1
0883a1ec2e870edfbd1edd871d89e9de0a92edb1

SHA256
8fa6fdfa9b1027acf9191eaa259657469c68beed300fb4306df68bc61b94abad

SHA512
bd3fbddfd956758c25ebfa31de18735e5226e33909d63a98a056d35e88bc542aaed5767e708a5c278674dd80b9e466025bdfcc304aa5477efad5a27a84cabfcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7040.tmp\InstallOptions.dll

Filesize
14KB

MD5
296a5f3179fa8d7a7a855eaf696ede44

SHA1
57aa5b71553ed282dd22c768e039a187f5c13f63

SHA256
ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960

SHA512
bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7040.tmp\ioSpecial.ini

Filesize
719B

MD5
0235ff4b75d41aa828567b61983890a2

SHA1
c9b04b60f5b19c8a8a1fd12e9f3cd150dba52f26

SHA256
ce815518594a5a4b8e0d439b8a15a5f7eff7858520476004a3fd00c28567d01c

SHA512
57d527a7caa465519a59911996cbf23d901766e4f4c9ab50d0b8dc1337f0a8274d92b85d086777b946dba3cdcaf94b3adf9dac1fd4366c021471a250343e1cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7040.tmp\ioSpecial.ini

Filesize
793B

MD5
373f1c97576eda0d30e0aea79629fdac

SHA1
fa72c18b7d8bae61001199d0549e8d950b929660

SHA256
02cfbb517bbaf072c54f8e563ac0f2a5074f66bbc2b5c314d1f61f4be8d674ab

SHA512
4adadb0ce54ebd8d758a067e93aca903e94114a29fe5dada59a9b379714ab3d51619b6e00230efcd0fb4ca361384ebbd48c377d3574a20ddc1b915eaa52d9ef5

Download Submit
C:\Windows\123.EXE

Filesize
591KB

MD5
83039d740cff2a76843cdcf44df67db3

SHA1
580267eb6d3b569536b2ff3e62cfdb0215612963

SHA256
daf364e803148f307cd946c1360cde94666cf8d0a21f80a020a0825da2389507

SHA512
4c519c94aa82119c2228ccaa8974a17d790dc7a9e33164a8f86c30ccff7181827dcafb711d0ff3e8334caa08cc95264ac69891edc6a181fa4307cf49937cfc38

Download Submit
C:\Windows\SysWOW64\28463\AKV.exe

Filesize
394KB

MD5
b87e2e56dbf34fb12705317f4d361c12

SHA1
3b4a6c2fddaab9f71747437c60dc7ad85661b4fa

SHA256
1ed5873542484a3f4c898de6684fc04bc0929e4fc795cd09b4b86f17e817d85a

SHA512
9d1bf05a200efda561f3141d3a4c70a347ba2a64fbfb5fb9b432956660b4aabc492f93fa50ba1928a3c408ec048c357a50cb79d12ba6200b28b1aeb98dbc39a0

Download Submit
C:\Windows\SysWOW64\28463\KYAI.001

Filesize
386B

MD5
5a04cb6e267bf305c267976013d0d658

SHA1
02166d55901e3f40d83757ced3ebb525b46db9ea

SHA256
e9290da642aa50f28f97fe0ba5d2485317aae1bdaa5616bff4627376653e6c54

SHA512
f9e4f743f745bddf7c8ac9677e8ca2a89a95c2c9c9d8db0901a5ce17e0f49c1b4c31a6004a37f2ca6547635476842e8857fc5f1a858fde2564791d1564cb8857

Download Submit
C:\Windows\SysWOW64\28463\KYAI.004

Filesize
14KB

MD5
a0ce5cac85b0d667ce2a7c6fa23bfb3f

SHA1
9b40f537f10e77a37d33ab580d1dda16a87c1715

SHA256
9e9bf0727756fc07aa01fa08e204fb293fd2e16afd57b7b4ae6e7c258ff9af21

SHA512
daee767df015e0dd9c0e56708fae6c0e339f6b8654d62c1e75aaa0c1d86a40ad028055b7f70385e7cb8d1ad65272a7c8ed8d62435ddcf3c75234c35a79898046

Download Submit
C:\Windows\SysWOW64\28463\KYAI.006

Filesize
8KB

MD5
aae8ccee5d5eed5748d13f474123efea

SHA1
6da78da4de3b99a55fad00be2ec53a3ad3bd06ae

SHA256
10c464d1675774e0282171555d59fb8975ed6c0e6a781182490f48e66823a5b8

SHA512
d370e1ffeeb81b3f07b83a9cf1e3b44635fde7aa6ac999bccafece8091dbf96f0a78257bb0e03b3689dc47fb4e96ec7deac7848a43ddef62afc9b8cc665ee8bd

Download Submit
C:\Windows\SysWOW64\28463\KYAI.007

Filesize
5KB

MD5
40685d22d05d92462a2cfc1bba9a81b7

SHA1
f0e19012d0ed000148898b1e1264736bed438da8

SHA256
cdca1e5bc4c5129caa8eeddf637c820b6241c8790ce1a341e38e8324ae95afa0

SHA512
21961d2dd118b45bde4cf00b4570712791a22769d05afb5b6c54355b0aaee9b7f7de00b357845349ef957807452365134d51e11181d2d45f98ed0cc9402de90b

Download Submit
C:\Windows\SysWOW64\28463\KYAI.chm

Filesize
33KB

MD5
42846078b67efd94ac02b3508cc02e9a

SHA1
7f9c5b8d5e6a2f15c918fe4fed1bb09336e752f6

SHA256
d893781c03ada45dc15c20b5809d9b2a920abaae1e7366698db5c9c93b524096

SHA512
836a142630f61221b61e2d58ef78bf7984c9033f1a96941a368630464de78a4287cde41088f6f8c43abfb03baf8c320e2e3deb18248d95b9c347b9d82480b144

Download Submit
C:\Windows\SysWOW64\28463\KYAI.exe

Filesize
473KB

MD5
339ae4ce820cda75bbb363b2ed1c06fd

SHA1
62399c6102cc98ed66cbcd88a63ff870cf7b2100

SHA256
1e4a463ac0d463cee1f52f9529474484157c85d671aea1ab5f4173df12de01b6

SHA512
5da8b333a839c4b169c6f4c9a1929918f166a895af7818c8223df7ed22279aac3b6ef88f89ee083a4f475f82ec6078f8e9800a9afc9547712245d090636a284a

Download Submit
C:\Windows\akl_setup.exe

Filesize
418KB

MD5
8e8df3906f147a6eda7403b528cc8305

SHA1
3a7be64f32095abcbcb16206918ed3c7f39b0ded

SHA256
74770de17e1b13830ce508c2f28105eb1ee2dc31395cbf54f234f60251434a5a

SHA512
500a909370989cd32f30c088f3dd12681208d03c298a8c6748672de840f4bf300c7dfe77c37167e7aa8507681d1961016bd5910b2ac7849bcd172734f39b525c

Download Submit
C:\Windows\setup.bat

Filesize
14KB

MD5
69dcd8b7456a4ad1c35151bef190a0c7

SHA1
1494b6c15a3b1fdcd0dff6d00d0cd30c14e75989

SHA256
72c426f21e46437de6ad7d07dbcfd8f9746218421d95fc8f9fbb8675adcc748e

SHA512
6e56391ffa19ba97db3e868c2da4c3253334294ed94efd6ef3f15ac19ac3e53ea7630b5b809b13b419e37d4c8897a7b56a432acd8de2a145d5042c18b098d196

Download Submit
memory/756-97-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download